Index

$ A B C D E F G H I J K L M N O P Q R S T U V W X Z _
All Classes and Interfaces|All Packages|Constant Field Values|Serialized Form

$

$2A - Enum constant in enum class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder.BCryptVersion

$2B - Enum constant in enum class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder.BCryptVersion

$2Y - Enum constant in enum class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder.BCryptVersion

A

abort() - Method in class org.springframework.security.authentication.jaas.SecurityContextLoginModule

Abort the authentication process by forgetting the Spring Security Authentication.

AbstractAccessDecisionManager - Class in org.springframework.security.access.vote

Deprecated.

Use AuthorizationManager instead

AbstractAccessDecisionManager(List<AccessDecisionVoter<?>>) - Constructor for class org.springframework.security.access.vote.AbstractAccessDecisionManager

Deprecated.

AbstractAclProvider - Class in org.springframework.security.acls.afterinvocation

Abstract AfterInvocationProvider which provides commonly-used ACL-related services.

AbstractAclProvider(AclService, String, List<Permission>) - Constructor for class org.springframework.security.acls.afterinvocation.AbstractAclProvider

AbstractAclVoter - Class in org.springframework.security.access.vote

Deprecated.

Now used by only-deprecated classes. Generally speaking, in-memory ACL is no longer advised, so no replacement is planned at this point.

AbstractAclVoter() - Constructor for class org.springframework.security.access.vote.AbstractAclVoter

Deprecated.

AbstractAuthenticationEvent - Class in org.springframework.security.authentication.event

Represents an application authentication event.

AbstractAuthenticationEvent(Authentication) - Constructor for class org.springframework.security.authentication.event.AbstractAuthenticationEvent

AbstractAuthenticationFailureEvent - Class in org.springframework.security.authentication.event

Abstract application event which indicates authentication failure for some reason.

AbstractAuthenticationFailureEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent

AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,T extends AbstractAuthenticationFilterConfigurer<B,T,F>,F extends AbstractAuthenticationProcessingFilter> - Class in org.springframework.security.config.annotation.web.configurers

Base class for configuring AbstractAuthenticationFilterConfigurer.

AbstractAuthenticationFilterConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Creates a new instance with minimal defaults

AbstractAuthenticationFilterConfigurer(F, String) - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Creates a new instance

AbstractAuthenticationProcessingFilter - Class in org.springframework.security.web.authentication

Abstract processor of browser-based HTTP-based authentication requests.

AbstractAuthenticationProcessingFilter(String) - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

AbstractAuthenticationProcessingFilter(String, AuthenticationManager) - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Creates a new instance with a default filterProcessesUrl and an AuthenticationManager

AbstractAuthenticationProcessingFilter(RequestMatcher) - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Creates a new instance

AbstractAuthenticationProcessingFilter(RequestMatcher, AuthenticationManager) - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Creates a new instance with a RequestMatcher and an AuthenticationManager

AbstractAuthenticationTargetUrlRequestHandler - Class in org.springframework.security.web.authentication

Base class containing the logic used by strategies which handle redirection to a URL and are passed an Authentication object as part of the contract.

AbstractAuthenticationTargetUrlRequestHandler() - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler

AbstractAuthenticationToken - Class in org.springframework.security.authentication

Base class for Authentication objects.

AbstractAuthenticationToken(Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.authentication.AbstractAuthenticationToken

Creates a token with the supplied array of authorities.

AbstractAuthorizationEvent - Class in org.springframework.security.access.event

Deprecated.

Authorization events have moved. Consider AuthorizationGrantedEvent and AuthorizationDeniedEvent

AbstractAuthorizationEvent(Object) - Constructor for class org.springframework.security.access.event.AbstractAuthorizationEvent

Deprecated.

Construct the event, passing in the secure object being intercepted.

AbstractAuthorizeTag - Class in org.springframework.security.taglibs.authz

A base class for an <authorize> tag that is independent of the tag rendering technology (JSP, Facelets).

AbstractAuthorizeTag() - Constructor for class org.springframework.security.taglibs.authz.AbstractAuthorizeTag

AbstractCasAssertionUserDetailsService - Class in org.springframework.security.cas.userdetails

Abstract class for using the provided CAS assertion to construct a new User object.

AbstractCasAssertionUserDetailsService() - Constructor for class org.springframework.security.cas.userdetails.AbstractCasAssertionUserDetailsService

AbstractConfigAttributeRequestMatcherRegistry<C> - Class in org.springframework.security.config.annotation.web.configurers

A base class for registering RequestMatcher's.

AbstractConfigAttributeRequestMatcherRegistry() - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractConfigAttributeRequestMatcherRegistry

AbstractConfiguredSecurityBuilder<O,B extends SecurityBuilder<O>> - Class in org.springframework.security.config.annotation

A base SecurityBuilder that allows SecurityConfigurer to be applied to it.

AbstractConfiguredSecurityBuilder(ObjectPostProcessor<Object>) - Constructor for class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Creates a new instance with the provided ObjectPostProcessor.

AbstractConfiguredSecurityBuilder(ObjectPostProcessor<Object>, boolean) - Constructor for class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Creates a new instance with the provided ObjectPostProcessor.

AbstractDaoAuthenticationConfigurer<B extends ProviderManagerBuilder<B>,C extends AbstractDaoAuthenticationConfigurer<B,C,U>,U extends UserDetailsService> - Class in org.springframework.security.config.annotation.authentication.configurers.userdetails

Allows configuring a DaoAuthenticationProvider

AbstractFallbackMethodSecurityMetadataSource - Class in org.springframework.security.access.method

Deprecated.

Use the use-authorization-manager attribute for <method-security> and <intercept-methods> instead or use annotation-based or AuthorizationManager-based authorization

AbstractFallbackMethodSecurityMetadataSource() - Constructor for class org.springframework.security.access.method.AbstractFallbackMethodSecurityMetadataSource

Deprecated.

AbstractHttpConfigurer<T extends AbstractHttpConfigurer<T,B>,B extends HttpSecurityBuilder<B>> - Class in org.springframework.security.config.annotation.web.configurers

Adds a convenient base class for SecurityConfigurer instances that operate on HttpSecurity.

AbstractHttpConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer

AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConfigurer<C,H>,H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Deprecated.

Use AuthorizeHttpRequestsConfigurer instead

AbstractInterceptUrlConfigurer.AbstractInterceptUrlRegistry<R extends AbstractInterceptUrlConfigurer<C,H>.AbstractInterceptUrlRegistry<R,T>,T> - Class in org.springframework.security.config.annotation.web.configurers

Deprecated.

AbstractJaasAuthenticationProvider - Class in org.springframework.security.authentication.jaas

An AuthenticationProvider implementation that retrieves user details from a JAAS login configuration.

AbstractJaasAuthenticationProvider() - Constructor for class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider

AbstractLdapAuthenticationManagerFactory<T extends AbstractLdapAuthenticator> - Class in org.springframework.security.config.ldap

Creates an AuthenticationManager that can perform LDAP authentication.

AbstractLdapAuthenticationProvider - Class in org.springframework.security.ldap.authentication

Base class for the standard LdapAuthenticationProvider and the ActiveDirectoryLdapAuthenticationProvider.

AbstractLdapAuthenticationProvider() - Constructor for class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider

AbstractLdapAuthenticator - Class in org.springframework.security.ldap.authentication

Base class for the authenticator implementations.

AbstractLdapAuthenticator(ContextSource) - Constructor for class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator

Create an initialized instance with the ContextSource provided.

AbstractMessageMatcherComposite<T> - Class in org.springframework.security.messaging.util.matcher

Abstract MessageMatcher containing multiple MessageMatcher

AbstractMethodSecurityMetadataSource - Class in org.springframework.security.access.method

Deprecated.

Use the use-authorization-manager attribute for <method-security> and <intercept-methods> instead or use annotation-based or AuthorizationManager-based authorization

AbstractMethodSecurityMetadataSource() - Constructor for class org.springframework.security.access.method.AbstractMethodSecurityMetadataSource

Deprecated.

AbstractOAuth2AuthorizationGrantRequest - Class in org.springframework.security.oauth2.client.endpoint

Base implementation of an OAuth 2.0 Authorization Grant request that holds an authorization grant credential and is used when initiating a request to the Authorization Server's Token Endpoint.

AbstractOAuth2AuthorizationGrantRequest(AuthorizationGrantType, ClientRegistration) - Constructor for class org.springframework.security.oauth2.client.endpoint.AbstractOAuth2AuthorizationGrantRequest

Sub-class constructor.

AbstractOAuth2Token - Class in org.springframework.security.oauth2.core

Base class for OAuth 2.0 Token implementations.

AbstractOAuth2Token(String) - Constructor for class org.springframework.security.oauth2.core.AbstractOAuth2Token

Sub-class constructor.

AbstractOAuth2Token(String, Instant, Instant) - Constructor for class org.springframework.security.oauth2.core.AbstractOAuth2Token

Sub-class constructor.

AbstractOAuth2TokenAuthenticationToken<T extends OAuth2Token> - Class in org.springframework.security.oauth2.server.resource.authentication

Base class for AbstractAuthenticationToken implementations that expose common attributes between different OAuth 2.0 Access Token Formats.

AbstractOAuth2TokenAuthenticationToken(T) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken

Sub-class constructor.

AbstractOAuth2TokenAuthenticationToken(T, Object, Object, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken

AbstractOAuth2TokenAuthenticationToken(T, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken

Sub-class constructor.

AbstractPasswordEncoder - Class in org.springframework.security.crypto.password

Abstract base class for password encoders

AbstractPasswordEncoder() - Constructor for class org.springframework.security.crypto.password.AbstractPasswordEncoder

AbstractPermission - Class in org.springframework.security.acls.domain

Provides an abstract superclass for Permission implementations.

AbstractPermission(int) - Constructor for class org.springframework.security.acls.domain.AbstractPermission

Sets the permission mask and uses the '*' character to represent active bits when represented as a bit pattern string.

AbstractPermission(int, char) - Constructor for class org.springframework.security.acls.domain.AbstractPermission

Sets the permission mask and uses the specified character for active bits.

AbstractPreAuthenticatedProcessingFilter - Class in org.springframework.security.web.authentication.preauth

Base class for processing filters that handle pre-authenticated authentication requests, where it is assumed that the principal has already been authenticated by an external system.

AbstractPreAuthenticatedProcessingFilter() - Constructor for class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter

AbstractRememberMeServices - Class in org.springframework.security.web.authentication.rememberme

Base class for RememberMeServices implementations.

AbstractRememberMeServices(String, UserDetailsService) - Constructor for class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

AbstractRequestMatcherRegistry<C> - Class in org.springframework.security.config.annotation.web

A base class for registering RequestMatcher's.

AbstractRequestMatcherRegistry() - Constructor for class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry

AbstractRequestParameterAllowFromStrategy - Class in org.springframework.security.web.header.writers.frameoptions

Deprecated.

ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.

AbstractRestClientOAuth2AccessTokenResponseClient<T extends AbstractOAuth2AuthorizationGrantRequest> - Class in org.springframework.security.oauth2.client.endpoint

Abstract base class for RestClient-based implementations of OAuth2AccessTokenResponseClient that communicate to the Authorization Server's Token Endpoint.

AbstractRetryEntryPoint - Class in org.springframework.security.web.access.channel

AbstractRetryEntryPoint(String, int) - Constructor for class org.springframework.security.web.access.channel.AbstractRetryEntryPoint

AbstractSaml2AuthenticationRequest - Class in org.springframework.security.saml2.provider.service.authentication

Data holder for AuthNRequest parameters to be sent using either the Saml2MessageBinding.POST or Saml2MessageBinding.REDIRECT binding.

AbstractSaml2AuthenticationRequest.Builder<T extends AbstractSaml2AuthenticationRequest.Builder<T>> - Class in org.springframework.security.saml2.provider.service.authentication

A builder for AbstractSaml2AuthenticationRequest and its subclasses.

AbstractSecurityBuilder<O> - Class in org.springframework.security.config.annotation

A base SecurityBuilder that ensures the object being built is only built one time.

AbstractSecurityBuilder() - Constructor for class org.springframework.security.config.annotation.AbstractSecurityBuilder

AbstractSecurityExpressionHandler<T> - Class in org.springframework.security.access.expression

Base implementation of the facade which isolates Spring Security's requirements for evaluating security expressions from the implementation of the underlying expression objects.

AbstractSecurityExpressionHandler() - Constructor for class org.springframework.security.access.expression.AbstractSecurityExpressionHandler

AbstractSecurityInterceptor - Class in org.springframework.security.access.intercept

Deprecated.

Use AuthorizationFilter instead for filter security, AuthorizationChannelInterceptor for messaging security, or AuthorizationManagerBeforeMethodInterceptor and AuthorizationManagerAfterMethodInterceptor for method security.

AbstractSecurityInterceptor() - Constructor for class org.springframework.security.access.intercept.AbstractSecurityInterceptor

Deprecated.

AbstractSecurityWebApplicationInitializer - Class in org.springframework.security.web.context

Registers the DelegatingFilterProxy to use the springSecurityFilterChain before any other registered Filter.

AbstractSecurityWebApplicationInitializer() - Constructor for class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer

Creates a new instance that assumes the Spring Security configuration is loaded by some other means than this class.

AbstractSecurityWebApplicationInitializer(Class<?>...) - Constructor for class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer

Creates a new instance that will instantiate the ContextLoaderListener with the specified classes.

AbstractSecurityWebSocketMessageBrokerConfigurer - Class in org.springframework.security.config.annotation.web.socket

Deprecated.

Use EnableWebSocketSecurity instead

AbstractSecurityWebSocketMessageBrokerConfigurer() - Constructor for class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

Deprecated.

AbstractServerWebExchangeMatcherRegistry<T> - Class in org.springframework.security.config.web.server

AbstractSessionEvent - Class in org.springframework.security.core.session

Abstract superclass for all session related events.

AbstractSessionEvent(Object) - Constructor for class org.springframework.security.core.session.AbstractSessionEvent

AbstractSessionFixationProtectionStrategy - Class in org.springframework.security.web.authentication.session

A base class for performing session fixation protection.

AbstractSessionFixationProtectionStrategy.NullEventPublisher - Class in org.springframework.security.web.authentication.session

AbstractUserDetailsAuthenticationProvider - Class in org.springframework.security.authentication.dao

A base AuthenticationProvider that allows subclasses to override and work with UserDetails objects.

AbstractUserDetailsAuthenticationProvider() - Constructor for class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

AbstractUserDetailsReactiveAuthenticationManager - Class in org.springframework.security.authentication

A base ReactiveAuthenticationManager that allows subclasses to override and work with UserDetails objects.

AbstractUserDetailsReactiveAuthenticationManager() - Constructor for class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager

AbstractUserDetailsServiceBeanDefinitionParser - Class in org.springframework.security.config.authentication

AbstractUserDetailsServiceBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser

AbstractWebClientReactiveOAuth2AccessTokenResponseClient<T extends AbstractOAuth2AuthorizationGrantRequest> - Class in org.springframework.security.oauth2.client.endpoint

Abstract base class for all of the WebClientReactive*TokenResponseClients that communicate to the Authorization Server's Token Endpoint.

acceptMediaType(MediaType) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder

Specify a media type to set as the Accept header in the request.

access(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl

Deprecated.

Allows specifying that URLs are secured by an arbitrary expression

access(String) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint

Deprecated.

Allows specifying that Messages are secured by an arbitrary expression

access(String...) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl

Deprecated.

Specifies that the user must have the specified ConfigAttribute's

access(AuthorizationManager<MessageAuthorizationContext<?>>) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint

Allows specifying that Messages are secured by an arbitrary expression

access(AuthorizationManager<RequestAuthorizationContext>) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl

Allows specifying a custom AuthorizationManager.

access(ReactiveAuthorizationManager<PayloadExchangeAuthorizationContext>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access

access(ReactiveAuthorizationManager<AuthorizationContext>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access

Allows plugging in a custom authorization strategy

Access() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access

ACCESS_ABSTAIN - Static variable in interface org.springframework.security.access.AccessDecisionVoter

Deprecated.

ACCESS_DENIED - Static variable in interface org.springframework.security.access.AccessDecisionVoter

Deprecated.

ACCESS_DENIED - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes

access_denied - The resource owner or authorization server denied the request.

ACCESS_DENIED_403 - Static variable in class org.springframework.security.web.WebAttributes

Used to cache an AccessDeniedException in the request for rendering.

ACCESS_DENIED_HANDLER - Static variable in class org.springframework.security.config.Elements

ACCESS_GRANTED - Static variable in interface org.springframework.security.access.AccessDecisionVoter

Deprecated.

ACCESS_TOKEN - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

access_token - used in Authorization Response and Access Token Response.

AccessControlEntry - Interface in org.springframework.security.acls.model

Represents an individual permission assignment within an Acl.

AccessControlEntryImpl - Class in org.springframework.security.acls.domain

An immutable default implementation of AccessControlEntry.

AccessControlEntryImpl(Serializable, Acl, Sid, Permission, boolean, boolean, boolean) - Constructor for class org.springframework.security.acls.domain.AccessControlEntryImpl

AccessControlListTag - Class in org.springframework.security.taglibs.authz

An implementation of Tag that allows its body through if all authorizations are granted to the request's principal.

AccessControlListTag() - Constructor for class org.springframework.security.taglibs.authz.AccessControlListTag

accessDecisionManager() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

Deprecated.

Allows subclasses to provide a custom AccessDecisionManager.

accessDecisionManager(AccessDecisionManager) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer.AbstractInterceptUrlRegistry

Deprecated.

Allows setting the AccessDecisionManager.

AccessDecisionManager - Interface in org.springframework.security.access

Deprecated.

Use AuthorizationManager instead

AccessDecisionVoter<S> - Interface in org.springframework.security.access

Deprecated.

Use AuthorizationManager instead

AccessDeniedException - Exception in org.springframework.security.access

Thrown if an Authentication object does not hold a required authority.

AccessDeniedException(String) - Constructor for exception org.springframework.security.access.AccessDeniedException

Constructs an AccessDeniedException with the specified message.

AccessDeniedException(String, Throwable) - Constructor for exception org.springframework.security.access.AccessDeniedException

Constructs an AccessDeniedException with the specified message and root cause.

accessDeniedHandler(AccessDeniedHandler) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer

Specifies the AccessDeniedHandler to be used

accessDeniedHandler(AccessDeniedHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer

accessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec

Configures the ServerAccessDeniedHandler used when a CSRF token is invalid.

accessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.ExceptionHandlingSpec

Configures what to do when an authenticated user does not hold a required authority

accessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec

Configures the ServerAccessDeniedHandler to use for requests authenticating with Bearer Tokens.

AccessDeniedHandler - Interface in org.springframework.security.web.access

Used by ExceptionTranslationFilter to handle an AccessDeniedException.

AccessDeniedHandlerImpl - Class in org.springframework.security.web.access

Base implementation of AccessDeniedHandler.

AccessDeniedHandlerImpl() - Constructor for class org.springframework.security.web.access.AccessDeniedHandlerImpl

accessDeniedPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer

Shortcut to specify the AccessDeniedHandler to be used is a specific error page

accessToken(OAuth2AccessToken) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator

Use this OAuth2AccessToken

accessToken(OAuth2AccessToken) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor

Use this OAuth2AccessToken

accessTokenHash(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder

Use this access token hash in the resulting OidcIdToken

accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer

Sets the client used for requesting the access token credential from the Token Endpoint.

accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.TokenEndpointConfig

Sets the client used for requesting the access token credential from the Token Endpoint.

accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder

Sets the client used when requesting an access token credential at the Token Endpoint.

accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder

Sets the client used when requesting an access token credential at the Token Endpoint.

accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder

Sets the client used when requesting an access token credential at the Token Endpoint.

accessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest>) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder

Sets the client used when requesting an access token credential at the Token Endpoint.

accessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest>) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder

Sets the client used when requesting an access token credential at the Token Endpoint.

accessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest>) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder

Sets the client used when requesting an access token credential at the Token Endpoint.

ACCOUNT_LOCKED - Enum constant in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus

accountExpired(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder

Defines if the account is expired or not.

accountExpired(boolean) - Method in class org.springframework.security.core.userdetails.User.UserBuilder

Defines if the account is expired or not.

accountExpired(boolean) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator

AccountExpiredException - Exception in org.springframework.security.authentication

Thrown if an authentication request is rejected because the account has expired.

AccountExpiredException(String) - Constructor for exception org.springframework.security.authentication.AccountExpiredException

Constructs a AccountExpiredException with the specified message.

AccountExpiredException(String, Throwable) - Constructor for exception org.springframework.security.authentication.AccountExpiredException

Constructs a AccountExpiredException with the specified message and root cause.

accountLocked(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder

Defines if the account is locked or not.

accountLocked(boolean) - Method in class org.springframework.security.core.userdetails.User.UserBuilder

Defines if the account is locked or not.

accountLocked(boolean) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator

AccountStatusException - Exception in org.springframework.security.authentication

Base class for authentication exceptions which are caused by a particular user account status (locked, disabled etc).

AccountStatusException(String) - Constructor for exception org.springframework.security.authentication.AccountStatusException

AccountStatusException(String, Throwable) - Constructor for exception org.springframework.security.authentication.AccountStatusException

AccountStatusUserDetailsChecker - Class in org.springframework.security.authentication

AccountStatusUserDetailsChecker() - Constructor for class org.springframework.security.authentication.AccountStatusUserDetailsChecker

Acl - Interface in org.springframework.security.acls.model

Represents an access control list (ACL) for a domain object.

AclAuthorizationStrategy - Interface in org.springframework.security.acls.domain

Strategy used by AclImpl to determine whether a principal is permitted to call adminstrative methods on the AclImpl.

AclAuthorizationStrategyImpl - Class in org.springframework.security.acls.domain

Default implementation of AclAuthorizationStrategy.

AclAuthorizationStrategyImpl(GrantedAuthority...) - Constructor for class org.springframework.security.acls.domain.AclAuthorizationStrategyImpl

Constructor.

AclCache - Interface in org.springframework.security.acls.model

A caching layer for JdbcAclService.

AclDataAccessException - Exception in org.springframework.security.acls.model

Abstract base class for Acl data operations.

AclDataAccessException(String) - Constructor for exception org.springframework.security.acls.model.AclDataAccessException

Constructs an AclDataAccessException with the specified message and no root cause.

AclDataAccessException(String, Throwable) - Constructor for exception org.springframework.security.acls.model.AclDataAccessException

Constructs an AclDataAccessException with the specified message and root cause.

AclEntryAfterInvocationCollectionFilteringProvider - Class in org.springframework.security.acls.afterinvocation

Given a Collection of domain object instances returned from a secure object invocation, remove any Collection elements the principal does not have appropriate permission to access as defined by the AclService.

AclEntryAfterInvocationCollectionFilteringProvider(AclService, List<Permission>) - Constructor for class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationCollectionFilteringProvider

AclEntryAfterInvocationProvider - Class in org.springframework.security.acls.afterinvocation

Given a domain object instance returned from a secure object invocation, ensures the principal has appropriate permission as defined by the AclService.

AclEntryAfterInvocationProvider(AclService, String, List<Permission>) - Constructor for class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationProvider

AclEntryAfterInvocationProvider(AclService, List<Permission>) - Constructor for class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationProvider

AclEntryVoter - Class in org.springframework.security.acls

Given a domain object instance passed as a method argument, ensures the principal has appropriate permission as indicated by the AclService.

AclEntryVoter(AclService, String, Permission[]) - Constructor for class org.springframework.security.acls.AclEntryVoter

AclFormattingUtils - Class in org.springframework.security.acls.domain

Utility methods for displaying ACL information.

AclFormattingUtils() - Constructor for class org.springframework.security.acls.domain.AclFormattingUtils

AclImpl - Class in org.springframework.security.acls.domain

Base implementation of Acl.

AclImpl(ObjectIdentity, Serializable, AclAuthorizationStrategy, AuditLogger) - Constructor for class org.springframework.security.acls.domain.AclImpl

Minimal constructor, which should be used MutableAclService.createAcl(ObjectIdentity) .

AclImpl(ObjectIdentity, Serializable, AclAuthorizationStrategy, PermissionGrantingStrategy, Acl, List<Sid>, boolean, Sid) - Constructor for class org.springframework.security.acls.domain.AclImpl

Full constructor, which should be used by persistence tools that do not provide field-level access features.

AclPermissionCacheOptimizer - Class in org.springframework.security.acls

Batch loads ACLs for collections of objects to allow optimised filtering.

AclPermissionCacheOptimizer(AclService) - Constructor for class org.springframework.security.acls.AclPermissionCacheOptimizer

AclPermissionEvaluator - Class in org.springframework.security.acls

Used by Spring Security's expression-based access control implementation to evaluate permissions for a particular object using the ACL module.

AclPermissionEvaluator(AclService) - Constructor for class org.springframework.security.acls.AclPermissionEvaluator

aclService - Variable in class org.springframework.security.acls.afterinvocation.AbstractAclProvider

AclService - Interface in org.springframework.security.acls.model

Provides retrieval of Acl instances.

ACR - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames

acr - the Authentication Context Class Reference

ACTIVE - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames

active - Indicator whether or not the token is currently active

ActiveDirectoryAuthenticationException - Exception in org.springframework.security.ldap.authentication.ad

Thrown as a translation of an AuthenticationException when attempting to authenticate against Active Directory using ActiveDirectoryLdapAuthenticationProvider.

ActiveDirectoryLdapAuthenticationProvider - Class in org.springframework.security.ldap.authentication.ad

Specialized LDAP authentication provider which uses Active Directory configuration conventions.

ActiveDirectoryLdapAuthenticationProvider(String, String) - Constructor for class org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider

ActiveDirectoryLdapAuthenticationProvider(String, String, String) - Constructor for class org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider

ACTOR_TOKEN - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

actor_token - used in Token Exchange Access Token Request.

ACTOR_TOKEN_TYPE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

actor_token_type - used in Token Exchange Access Token Request.

add(PayloadExchangeMatcherEntry<ReactiveAuthorizationManager<PayloadExchangeAuthorizationContext>>) - Method in class org.springframework.security.rsocket.authorization.PayloadExchangeMatcherReactiveAuthorizationManager.Builder

add(ServerWebExchangeMatcherEntry<ReactiveAuthorizationManager<AuthorizationContext>>) - Method in class org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager.Builder

add(ServerWebExchangeMatcher, ReactiveAuthenticationManager) - Method in class org.springframework.security.web.server.authentication.ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.Builder

Maps a ServerWebExchangeMatcher to an ReactiveAuthenticationManager.

add(RequestMatcher, AuthenticationManager) - Method in class org.springframework.security.web.authentication.RequestMatcherDelegatingAuthenticationManagerResolver.Builder

Maps a RequestMatcher to an AuthorizationManager.

add(RequestMatcher, AuthorizationManager<RequestAuthorizationContext>) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder

Maps a RequestMatcher to an AuthorizationManager.

addAdvisor(AuthorizationAdvisor) - Method in class org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory

Add an advisor that should be included to each proxy created.

addArgumentResolvers(List<HandlerMethodArgumentResolver>) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

Deprecated.

addArgumentResolvers(List<HandlerMethodArgumentResolver>) - Method in class org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration

Deprecated.

addAuthorities(LdapName, Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager

addAuthorities(DistinguishedName, Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager

Deprecated.

addAuthority(GrantedAuthority) - Method in class org.springframework.security.core.userdetails.memory.UserAttribute

addAuthority(GrantedAuthority) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence

Adds the authority to the list, unless it is already there, in which case it is ignored

addCn(String) - Method in class org.springframework.security.ldap.userdetails.Person.Essence

addConverters(ConverterRegistry) - Static method in class org.springframework.security.oauth2.core.converter.ClaimConversionService

Adds the converters that provide type conversion for claim values to the provided ConverterRegistry.

addCustomAuthorities(String, List<GrantedAuthority>) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl

Allows subclasses to add their own granted authorities to the list to be returned in the UserDetails.

addFilter(Filter) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

addFilter(Filter) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder

Adds a Filter that must be an instance of or extend one of the Filters provided within the Security framework.

addFilterAfter(Filter, Class<? extends Filter>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

addFilterAfter(Filter, Class<? extends Filter>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder

Allows adding a Filter after one of the known Filter classes.

addFilterAfter(WebFilter, SecurityWebFiltersOrder) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Adds a WebFilter after specific position.

addFilterAt(Filter, Class<? extends Filter>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Adds the Filter at the location of the specified Filter class.

addFilterAt(WebFilter, SecurityWebFiltersOrder) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Adds a WebFilter at a specific position.

addFilterBefore(Filter, Class<? extends Filter>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

addFilterBefore(Filter, Class<? extends Filter>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder

Allows adding a Filter before one of the known Filter classes.

addFilterBefore(WebFilter, SecurityWebFiltersOrder) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Adds a WebFilter before specific position.

addGroupAuthority(String, GrantedAuthority) - Method in interface org.springframework.security.provisioning.GroupManager

Assigns a new authority to a group.

addGroupAuthority(String, GrantedAuthority) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

addHeader(String, String) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper

addHeadersConverter(Converter<TokenExchangeGrantRequest, HttpHeaders>) - Method in class org.springframework.security.oauth2.client.endpoint.TokenExchangeGrantRequestEntityConverter

Add (compose) the provided headersConverter to the current Converter used for converting the AbstractOAuth2AuthorizationGrantRequest instance to a HttpHeaders used in the OAuth 2.0 Access Token Request headers.

addHeadersConverter(Converter<T, HttpHeaders>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractRestClientOAuth2AccessTokenResponseClient

Add (compose) the provided headersConverter to the current Converter used for converting the AbstractOAuth2AuthorizationGrantRequest instance to a HttpHeaders used in the OAuth 2.0 Access Token Request headers.

addHeadersConverter(Converter<T, HttpHeaders>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractWebClientReactiveOAuth2AccessTokenResponseClient

Add (compose) the provided headersConverter to the current Converter used for converting the AbstractOAuth2AuthorizationGrantRequest instance to a HttpHeaders used in the OAuth 2.0 Access Token Request headers.

addHeaderWriter(HeaderWriter) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Adds a HeaderWriter instance

additionalAuthenticationChecks(UserDetails, UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

Allows subclasses to perform any additional checks of a returned (or cached) UserDetails for a given authentication request.

additionalAuthenticationChecks(UserDetails, UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider

additionalParameters(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder

A Consumer to be provided access to the additional parameter(s) allowing the ability to add, replace, or remove.

additionalParameters(Map<String, Object>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse.Builder

Sets the additional parameters returned in the response.

additionalParameters(Map<String, Object>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder

Sets the additional parameter(s) used in the request.

additionalParameters(Map<String, Object>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse.Builder

Sets the additional parameters returned in the response.

addListener(SmartApplicationListener) - Method in class org.springframework.security.context.DelegatingApplicationListener

Adds a new SmartApplicationListener to use.

addLogoutHandler(LogoutHandler) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

Adds a LogoutHandler.

addObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter

Adds an ObjectPostProcessor to be used for this SecurityConfigurerAdapter.

addParametersConverter(Converter<TokenExchangeGrantRequest, MultiValueMap<String, String>>) - Method in class org.springframework.security.oauth2.client.endpoint.TokenExchangeGrantRequestEntityConverter

Add (compose) the provided parametersConverter to the current Converter used for converting the AbstractOAuth2AuthorizationGrantRequest instance to a MultiValueMap of the parameters used in the OAuth 2.0 Access Token Request body.

addParametersConverter(Converter<T, MultiValueMap<String, String>>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractRestClientOAuth2AccessTokenResponseClient

Add (compose) the provided parametersConverter to the current Converter used for converting the AbstractOAuth2AuthorizationGrantRequest instance to a MultiValueMap used in the OAuth 2.0 Access Token Request body.

addParametersConverter(Converter<T, MultiValueMap<String, String>>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractWebClientReactiveOAuth2AccessTokenResponseClient

Add (compose) the provided parametersConverter to the current Converter used for converting the AbstractOAuth2AuthorizationGrantRequest instance to a MultiValueMap used in the OAuth 2.0 Access Token Request body.

addPayloadInterceptor(PayloadInterceptor) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity

Adds a PayloadInterceptor to be used.

address(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder

Use this address in the resulting OidcUserInfo

ADDRESS - Static variable in class org.springframework.security.oauth2.core.oidc.OidcScopes

The address scope requests access to the address claim.

ADDRESS - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames

address - the user's preferred postal address

AddressStandardClaim - Interface in org.springframework.security.oauth2.core.oidc

The Address Claim represents a physical mailing address defined by the OpenID Connect Core 1.0 specification that can be returned either in the UserInfo Response or the ID Token.

addSecureMethod(Class<?>, Method, List<ConfigAttribute>) - Method in class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource

Deprecated.

Adds configuration attributes for a specific method, for example where the method has been matched using a pointcut expression.

addSecureMethod(Class<?>, String, List<ConfigAttribute>) - Method in class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource

Deprecated.

Add configuration attributes for a secure method.

addSecurityFilterChainBuilder(SecurityBuilder<? extends SecurityFilterChain>) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity

Adds builders to create SecurityFilterChain instances.

addSessionAuthenticationStrategy(SessionAuthenticationStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer

Adds an additional SessionAuthenticationStrategy to be used within the CompositeSessionAuthenticationStrategy.

addSha256Pins(String...) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig

Deprecated.

Adds a list of SHA256 hashed pins for the pin- directive of the Public-Key-Pins header.

addSha256Pins(String...) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter

Deprecated.

Adds a list of SHA256 hashed pins for the pin- directive of the Public-Key-Pins header.

addUserToGroup(String, String) - Method in interface org.springframework.security.provisioning.GroupManager

Makes a user a member of a particular group.

addUserToGroup(String, String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

admin - Variable in class org.springframework.security.access.expression.SecurityExpressionRoot

ADMINISTRATION - Static variable in class org.springframework.security.acls.domain.BasePermission

AesBytesEncryptor - Class in org.springframework.security.crypto.encrypt

Encryptor that uses AES encryption.

AesBytesEncryptor(String, CharSequence) - Constructor for class org.springframework.security.crypto.encrypt.AesBytesEncryptor

Constructs an encryptor that uses AES encryption.

AesBytesEncryptor(String, CharSequence, BytesKeyGenerator) - Constructor for class org.springframework.security.crypto.encrypt.AesBytesEncryptor

Constructs an encryptor that uses AES encryption.

AesBytesEncryptor(String, CharSequence, BytesKeyGenerator, AesBytesEncryptor.CipherAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.AesBytesEncryptor

Constructs an encryptor that uses AES encryption.

AesBytesEncryptor(SecretKey, BytesKeyGenerator, AesBytesEncryptor.CipherAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.AesBytesEncryptor

Constructs an encryptor that uses AES encryption.

AesBytesEncryptor.CipherAlgorithm - Enum Class in org.springframework.security.crypto.encrypt

AffirmativeBased - Class in org.springframework.security.access.vote

Deprecated.

Use AuthorizationManager instead

AffirmativeBased(List<AccessDecisionVoter<?>>) - Constructor for class org.springframework.security.access.vote.AffirmativeBased

Deprecated.

after(Authentication, MethodInvocation, PostInvocationAttribute, Object) - Method in class org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice

Deprecated.

after(Authentication, MethodInvocation, PostInvocationAttribute, Object) - Method in interface org.springframework.security.access.prepost.PostInvocationAuthorizationAdvice

Deprecated.

AFTER_INVOCATION_PROVIDER - Static variable in class org.springframework.security.config.Elements

afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.CsrfMutator

afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator

afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator

afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator

afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator

afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator

afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator

afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.CsrfMutator

afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator

afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator

afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator

afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator

afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator

afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator

afterHandshake(ServerHttpRequest, ServerHttpResponse, WebSocketHandler, Exception) - Method in class org.springframework.security.messaging.web.socket.server.CsrfTokenHandshakeInterceptor

afterInvocation(InterceptorStatusToken, Object) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor

Deprecated.

Completes the work of the AbstractSecurityInterceptor after the secure object invocation has been completed.

afterInvocationManager() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

Deprecated.

Provide a custom AfterInvocationManager for the default implementation of GlobalMethodSecurityConfiguration.methodSecurityInterceptor(MethodSecurityMetadataSource).

AfterInvocationManager - Interface in org.springframework.security.access.intercept

Deprecated.

Use delegation with AuthorizationManager

AfterInvocationProvider - Interface in org.springframework.security.access

Deprecated.

Use delegation with AuthorizationManager

AfterInvocationProviderManager - Class in org.springframework.security.access.intercept

Deprecated.

Use delegation with AuthorizationManager

AfterInvocationProviderManager() - Constructor for class org.springframework.security.access.intercept.AfterInvocationProviderManager

Deprecated.

afterMessageHandled(Message<?>, MessageChannel, MessageHandler, Exception) - Method in class org.springframework.security.messaging.context.SecurityContextChannelInterceptor

afterMessageHandled(Message<?>, MessageChannel, MessageHandler, Exception) - Method in class org.springframework.security.messaging.context.SecurityContextPropagationChannelInterceptor

afterPropertiesSet() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor

Deprecated.

afterPropertiesSet() - Method in class org.springframework.security.access.intercept.AfterInvocationProviderManager

Deprecated.

afterPropertiesSet() - Method in class org.springframework.security.access.intercept.MethodInvocationPrivilegeEvaluator

Deprecated.

afterPropertiesSet() - Method in class org.springframework.security.access.intercept.RunAsImplAuthenticationProvider

Deprecated.

afterPropertiesSet() - Method in class org.springframework.security.access.intercept.RunAsManagerImpl

Deprecated.

afterPropertiesSet() - Method in class org.springframework.security.access.vote.AbstractAccessDecisionManager

Deprecated.

afterPropertiesSet() - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

afterPropertiesSet() - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider

Validates the required properties are set.

afterPropertiesSet() - Method in class org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider

afterPropertiesSet() - Method in class org.springframework.security.authentication.jaas.JaasAuthenticationProvider

afterPropertiesSet() - Method in class org.springframework.security.authentication.ott.JdbcOneTimeTokenService

afterPropertiesSet() - Method in class org.springframework.security.authentication.ProviderManager

afterPropertiesSet() - Method in class org.springframework.security.authentication.RememberMeAuthenticationProvider

afterPropertiesSet() - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider

afterPropertiesSet() - Method in class org.springframework.security.cas.ServiceProperties

afterPropertiesSet() - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint

afterPropertiesSet() - Method in class org.springframework.security.core.authority.mapping.MapBasedAttributes2GrantedAuthoritiesMapper

afterPropertiesSet() - Method in class org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper

Check whether all properties have been set to correct values.

afterPropertiesSet() - Method in class org.springframework.security.core.authority.mapping.SimpleAuthorityMapper

afterPropertiesSet() - Method in class org.springframework.security.core.token.KeyBasedPersistenceTokenService

afterPropertiesSet() - Method in class org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper

Check whether all required properties have been set.

afterPropertiesSet() - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator

afterPropertiesSet() - Method in class org.springframework.security.ldap.server.ApacheDSContainer

Deprecated.

afterPropertiesSet() - Method in class org.springframework.security.ldap.server.UnboundIdContainer

afterPropertiesSet() - Method in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl

afterPropertiesSet() - Method in class org.springframework.security.web.access.channel.ChannelProcessingFilter

afterPropertiesSet() - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor

afterPropertiesSet() - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor

afterPropertiesSet() - Method in class org.springframework.security.web.access.ExceptionTranslationFilter

afterPropertiesSet() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

afterPropertiesSet() - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter

afterPropertiesSet() - Method in class org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint

afterPropertiesSet() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint

afterPropertiesSet() - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter

Check whether all required properties have been set.

afterPropertiesSet() - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource

Check that all required properties have been set.

afterPropertiesSet() - Method in class org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever

Loads the web.xml file using the configured ResourceLoader and parses the role-name elements from it, using these as the set of mappableAttributes.

afterPropertiesSet() - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider

Check whether all required properties have been set.

afterPropertiesSet() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

afterPropertiesSet() - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter

afterPropertiesSet() - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

afterPropertiesSet() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint

afterPropertiesSet() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter

afterPropertiesSet() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint

afterPropertiesSet() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter

afterPropertiesSet() - Method in class org.springframework.security.web.FilterChainProxy

afterPropertiesSet() - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter

afterPropertiesSet() - Method in class org.springframework.security.web.session.ConcurrentSessionFilter

afterReceiveCompletion(Message<?>, MessageChannel, Exception) - Method in class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor

Deprecated.

afterSendCompletion(Message<?>, MessageChannel, boolean, Exception) - Method in class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor

Deprecated.

afterSendCompletion(Message<?>, MessageChannel, boolean, Exception) - Method in class org.springframework.security.messaging.context.SecurityContextChannelInterceptor

afterSingletonsInstantiated() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

Deprecated.

afterSingletonsInstantiated() - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

Deprecated.

afterSpringSecurityFilterChain(ServletContext) - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer

Invoked after the springSecurityFilterChain is added.

afterTestClass(TestContext) - Method in class org.springframework.security.test.context.support.ReactorContextTestExecutionListener

afterTestExecution(TestContext) - Method in class org.springframework.security.test.context.support.ReactorContextTestExecutionListener

afterTestMethod(TestContext) - Method in class org.springframework.security.test.context.support.ReactorContextTestExecutionListener

afterTestMethod(TestContext) - Method in class org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener

Clears out the TestSecurityContextHolder and the SecurityContextHolder after each test method.

ALG - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames

alg - the algorithm header identifies the cryptographic algorithm used to secure a JWS or JWE

algorithm(JwaAlgorithm) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder

Sets the JWA algorithm used to digitally sign the JWS or encrypt the JWE.

ALL - Enum constant in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive

ALL - Enum constant in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive

allocateToken(String) - Method in class org.springframework.security.core.token.KeyBasedPersistenceTokenService

allocateToken(String) - Method in interface org.springframework.security.core.token.TokenService

Forces the allocation of a new Token.

allOf(AuthorizationDecision, AuthorizationManager<T>...) - Static method in class org.springframework.security.authorization.AuthorizationManagers

Creates an AuthorizationManager that grants access if all AuthorizationManagers granted, if managers are empty or abstained, a default AuthorizationDecision is returned.

allOf(AuthorizationManager<T>...) - Static method in class org.springframework.security.authorization.AuthorizationManagers

Creates an AuthorizationManager that grants access if all AuthorizationManagers granted or abstained, if managers are empty then granted decision is returned.

allOf(RequestMatcher...) - Static method in class org.springframework.security.web.util.matcher.RequestMatchers

Creates a RequestMatcher that matches if all the given RequestMatchers match, if matchers are empty then the returned matcher always matches.

ALLOW_FROM - Enum constant in enum class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode

Deprecated.

ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.

allowableSessionsExceeded(List<SessionInformation>, int, SessionRegistry) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy

Allows subclasses to customise behaviour when too many sessions are detected.

allowCredentials(List<PublicKeyCredentialDescriptor>) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions.PublicKeyCredentialRequestOptionsBuilder

Sets the PublicKeyCredentialRequestOptions.getAllowCredentials() property

allowed(String) - Method in class org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy

Deprecated.

Method to be implemented by base classes, used to determine if the supplied origin is allowed.

allowed(String) - Method in class org.springframework.security.web.header.writers.frameoptions.RegExpAllowFromStrategy

Deprecated.

allowed(String) - Method in class org.springframework.security.web.header.writers.frameoptions.WhiteListedAllowFromStrategy

Deprecated.

ALLOWED_HEADER_NAMES - Static variable in class org.springframework.security.web.firewall.StrictHttpFirewall

ALLOWED_HEADER_NAMES - Static variable in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

ALLOWED_HEADER_VALUES - Static variable in class org.springframework.security.web.firewall.StrictHttpFirewall

ALLOWED_HEADER_VALUES - Static variable in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

ALLOWED_PARAMETER_NAMES - Static variable in class org.springframework.security.web.firewall.StrictHttpFirewall

ALLOWED_PARAMETER_NAMES - Static variable in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

ALLOWED_PARAMETER_VALUES - Static variable in class org.springframework.security.web.firewall.StrictHttpFirewall

ALLOWED_PARAMETER_VALUES - Static variable in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

allowedOrigins(String...) - Method in class org.springframework.security.config.annotation.web.configurers.WebAuthnConfigurer

Convenience method for WebAuthnConfigurer.allowedOrigins(Set)

allowedOrigins(Set<String>) - Method in class org.springframework.security.config.annotation.web.configurers.WebAuthnConfigurer

Sets the allowed origins.

AllowFromStrategy - Interface in org.springframework.security.web.header.writers.frameoptions

Deprecated.

ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.

AlreadyBuiltException - Exception in org.springframework.security.config.annotation

Thrown when AbstractSecurityBuilder.build() is two or more times.

AlreadyBuiltException(String) - Constructor for exception org.springframework.security.config.annotation.AlreadyBuiltException

AlreadyExistsException - Exception in org.springframework.security.acls.model

Thrown if an Acl entry already exists for the object.

AlreadyExistsException(String) - Constructor for exception org.springframework.security.acls.model.AlreadyExistsException

Constructs an AlreadyExistsException with the specified message.

AlreadyExistsException(String, Throwable) - Constructor for exception org.springframework.security.acls.model.AlreadyExistsException

Constructs an AlreadyExistsException with the specified message and root cause.

ALWAYS - Enum constant in enum class org.springframework.security.config.http.SessionCreationPolicy

Always create an HttpSession

alwaysRemember(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer

Whether the cookie should always be created even if the remember-me parameter is not set.

AMR - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames

amr - the Authentication Methods References

and() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder

Gets the LdapAuthenticationProviderConfigurer for further customizations

and() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.PasswordCompareConfigurer

Allows obtaining a reference to the LdapAuthenticationProviderConfigurer for further customizations

and() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder

Returns the UserDetailsManagerConfigurer for method chaining (i.e.

and() - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use the lambda based configuration instead.

and() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity.RequestMatcherConfigurer

Deprecated, for removal: This API element is subject to removal in a future version.

Use the lambda based configuration instead. For example:

 @Configuration
 @EnableWebSecurity
 public class SecurityConfig {

     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         http
             .securityMatchers((matchers) -> matchers
                 .requestMatchers("/api/**")
             )
             .authorizeHttpRequests((authorize) -> authorize
                 .anyRequest().hasRole("USER")
             )
             .httpBasic(Customizer.withDefaults());
         return http.build();
     }

 }
 

and() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity.IgnoredRequestConfigurer

Returns the WebSecurity to be returned for chaining.

and() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use the lambda based configuration instead.

and() - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HttpSecurity.requiresChannel(Customizer) instead

and() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry

Deprecated.

and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CacheControlConfig

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HeadersConfigurer.cacheControl(Customizer) or cacheControl(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentSecurityPolicyConfig

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HeadersConfigurer.contentSecurityPolicy(Customizer) instead

and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentTypeOptionsConfig

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HeadersConfigurer.contentTypeOptions(Customizer) instead

and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginEmbedderPolicyConfig

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HeadersConfigurer.crossOriginEmbedderPolicy(Customizer) instead

and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginOpenerPolicyConfig

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HeadersConfigurer.crossOriginOpenerPolicy(Customizer) instead

and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginResourcePolicyConfig

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HeadersConfigurer.crossOriginResourcePolicy(Customizer) instead

and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FeaturePolicyConfig

Allows completing configuration of Feature Policy and continuing configuration of headers.

and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HeadersConfigurer.frameOptions(Customizer) or frameOptions(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig

Deprecated.

Allows completing configuration of Public Key Pinning and continuing configuration of headers.

and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HeadersConfigurer.httpStrictTransportSecurity(Customizer) instead

and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.PermissionsPolicyConfig

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HeadersConfigurer.permissionsPolicy(Customizer) instead

and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ReferrerPolicyConfig

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HeadersConfigurer.referrerPolicy(Customizer) or referrerPolicy(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.XXssConfig

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HeadersConfigurer.xssProtection(Customizer) or xssProtection(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use OAuth2ClientConfigurer.authorizationCodeGrant(Customizer) instead

and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use OAuth2LoginConfigurer.authorizationEndpoint(Customizer) instead

and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.RedirectionEndpointConfig

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use OAuth2LoginConfigurer.redirectionEndpoint(Customizer) instead

and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.TokenEndpointConfig

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use OAuth2LoginConfigurer.tokenEndpoint(Customizer) or tokenEndpoint(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use OAuth2LoginConfigurer.userInfoEndpoint(Customizer) instead

and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer

Deprecated, for removal: This API element is subject to removal in a future version.

and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use OAuth2ResourceServerConfigurer.jwt(Customizer) or jwt(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

and() - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use Saml2LogoutConfigurer.logoutRequest(Customizer) or logoutRequest(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

and() - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutResponseConfigurer

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use Saml2LogoutConfigurer.logoutResponse(Customizer) or logoutResponse(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

and() - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2MetadataConfigurer

and() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use SessionManagementConfigurer.sessionConcurrency(Customizer) instead

and() - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry

Deprecated.

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.anonymous(Customizer) or anonymous(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.authorizeExchange(Customizer) instead

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CorsSpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.cors(Customizer) or cors(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.csrf(Customizer) or csrf(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.ExceptionHandlingSpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.exceptionHandling(Customizer) instead

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.formLogin(Customizer) or formLogin(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.headers(Customizer) or headers(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.contentSecurityPolicy(Customizer) instead

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.crossOriginEmbedderPolicy(Customizer) instead

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.crossOriginOpenerPolicy(Customizer) instead

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.crossOriginResourcePolicy(Customizer) instead

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.FeaturePolicySpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use #featurePolicy(Customizer) instead

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.hsts(Customizer) or hsts(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.permissionsPolicy(Customizer) instead

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.referrerPolicy(Customizer) instead

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.httpBasic(Customizer) or httpBasic(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec

Deprecated, for removal: This API element is subject to removal in a future version.

use ServerHttpSecurity.redirectToHttps(Customizer)

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.logout(Customizer) or logout(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.oauth2Client(Customizer) or oauth2Client(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.oauth2Login(Customizer) or oauth2Login(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.oauth2ResourceServer(Customizer) instead

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.OAuth2ResourceServerSpec.jwt(Customizer) or jwt(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.OAuth2ResourceServerSpec.opaqueToken(Customizer) instead

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec

Deprecated, for removal: This API element is subject to removal in a future version.

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.PasswordManagementSpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.passwordManagement(Customizer) instead

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.RequestCacheSpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.requestCache(Customizer) or requestCache(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.x509(Customizer) or x509(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

AndMessageMatcher<T> - Class in org.springframework.security.messaging.util.matcher

MessageMatcher that will return true if all of the passed in MessageMatcher instances match.

AndMessageMatcher(List<MessageMatcher<T>>) - Constructor for class org.springframework.security.messaging.util.matcher.AndMessageMatcher

Creates a new instance

AndMessageMatcher(MessageMatcher<T>...) - Constructor for class org.springframework.security.messaging.util.matcher.AndMessageMatcher

Creates a new instance

AndRequestMatcher - Class in org.springframework.security.web.util.matcher

RequestMatcher that will return true if all of the passed in RequestMatcher instances match.

AndRequestMatcher(List<RequestMatcher>) - Constructor for class org.springframework.security.web.util.matcher.AndRequestMatcher

Creates a new instance

AndRequestMatcher(RequestMatcher...) - Constructor for class org.springframework.security.web.util.matcher.AndRequestMatcher

Creates a new instance

AndServerWebExchangeMatcher - Class in org.springframework.security.web.server.util.matcher

Matches if all the provided ServerWebExchangeMatcher match

AndServerWebExchangeMatcher(List<ServerWebExchangeMatcher>) - Constructor for class org.springframework.security.web.server.util.matcher.AndServerWebExchangeMatcher

AndServerWebExchangeMatcher(ServerWebExchangeMatcher...) - Constructor for class org.springframework.security.web.server.util.matcher.AndServerWebExchangeMatcher

AnnotationMetadataExtractor<A extends Annotation> - Interface in org.springframework.security.access.annotation

Deprecated.

Used only by now-deprecated classes. Consider SecuredAuthorizationManager for `@Secured` methods.

AnnotationParameterNameDiscoverer - Class in org.springframework.security.core.parameters

Allows finding parameter names using the value attribute of any number of Annotation instances.

AnnotationParameterNameDiscoverer(String...) - Constructor for class org.springframework.security.core.parameters.AnnotationParameterNameDiscoverer

AnnotationParameterNameDiscoverer(Set<String>) - Constructor for class org.springframework.security.core.parameters.AnnotationParameterNameDiscoverer

AnnotationTemplateExpressionDefaults - Class in org.springframework.security.core.annotation

A component for configuring the expression attribute template of the parsed Spring Security annotation

AnnotationTemplateExpressionDefaults() - Constructor for class org.springframework.security.core.annotation.AnnotationTemplateExpressionDefaults

anonymous() - Static method in class org.springframework.security.authorization.AuthenticatedAuthorizationManager

Creates an instance of AuthenticatedAuthorizationManager that determines if the Authentication is anonymous.

anonymous() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HttpSecurity.anonymous(Customizer) or anonymous(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

anonymous() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl

Specify that URLs are allowed by anonymous users.

anonymous() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl

Deprecated.

Specify that URLs are allowed by anonymous users.

anonymous() - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl

Deprecated.

Specifies that an anonymous user is allowed access

anonymous() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint

Deprecated.

Specify that Messages are allowed by anonymous users.

anonymous() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.anonymous(Customizer) or anonymous(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

anonymous() - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint

Specify that Messages are allowed by anonymous users.

anonymous() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors

Establish a SecurityContext that uses an AnonymousAuthenticationToken.

anonymous() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl

Specify that URLs are allowed by anonymous users.

anonymous(Customizer<AnonymousConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows configuring how an anonymous user is represented.

anonymous(Customizer<ServerHttpSecurity.AnonymousSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Enables and Configures anonymous authentication.

ANONYMOUS - Enum constant in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder

Where anonymous authentication is placed.

ANONYMOUS - Static variable in class org.springframework.security.config.Elements

ANONYMOUS_AUTHENTICATION - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder

Instance of AnonymousAuthenticationWebFilter

AnonymousAuthenticationFilter - Class in org.springframework.security.web.authentication

Detects if there is no Authentication object in the SecurityContextHolder, and populates it with one if needed.

AnonymousAuthenticationFilter(String) - Constructor for class org.springframework.security.web.authentication.AnonymousAuthenticationFilter

Creates a filter with a principal named "anonymousUser" and the single authority "ROLE_ANONYMOUS".

AnonymousAuthenticationFilter(String, Object, List<GrantedAuthority>) - Constructor for class org.springframework.security.web.authentication.AnonymousAuthenticationFilter

AnonymousAuthenticationProvider - Class in org.springframework.security.authentication

An AuthenticationProvider implementation that validates AnonymousAuthenticationTokens.

AnonymousAuthenticationProvider(String) - Constructor for class org.springframework.security.authentication.AnonymousAuthenticationProvider

AnonymousAuthenticationToken - Class in org.springframework.security.authentication

Represents an anonymous Authentication.

AnonymousAuthenticationToken(String, Object, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.authentication.AnonymousAuthenticationToken

Constructor.

AnonymousAuthenticationWebFilter - Class in org.springframework.security.web.server.authentication

Detects if there is no Authentication object in the ReactiveSecurityContextHolder, and populates it with one if needed.

AnonymousAuthenticationWebFilter(String) - Constructor for class org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilter

Creates a filter with a principal named "anonymousUser" and the single authority "ROLE_ANONYMOUS".

AnonymousAuthenticationWebFilter(String, Object, List<GrantedAuthority>) - Constructor for class org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilter

AnonymousConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Configures Anonymous authentication (i.e.

AnonymousConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer

Creates a new instance

AnonymousPayloadInterceptor - Class in org.springframework.security.rsocket.authentication

If ReactiveSecurityContextHolder is empty populates an AnonymousAuthenticationToken

AnonymousPayloadInterceptor(String) - Constructor for class org.springframework.security.rsocket.authentication.AnonymousPayloadInterceptor

Creates a filter with a principal named "anonymousUser" and the single authority "ROLE_ANONYMOUS".

AnonymousPayloadInterceptor(String, Object, List<GrantedAuthority>) - Constructor for class org.springframework.security.rsocket.authentication.AnonymousPayloadInterceptor

ant - Enum constant in enum class org.springframework.security.config.http.MatcherType

antMatcher(String) - Static method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher

Creates a matcher with the specific pattern which will match all HTTP methods in a case-sensitive manner.

antMatcher(HttpMethod) - Static method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher

Creates a matcher that will match all request with the supplied HTTP method in a case-sensitive manner.

antMatcher(HttpMethod, String) - Static method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher

Creates a matcher with the supplied pattern and HTTP method in a case-sensitive manner.

AntPathRequestMatcher - Class in org.springframework.security.web.util.matcher

Matcher which compares a pre-defined ant-style pattern against the URL ( servletPath + pathInfo) of an HttpServletRequest.

AntPathRequestMatcher(String) - Constructor for class org.springframework.security.web.util.matcher.AntPathRequestMatcher

Creates a matcher with the specific pattern which will match all HTTP methods in a case sensitive manner.

AntPathRequestMatcher(String, String) - Constructor for class org.springframework.security.web.util.matcher.AntPathRequestMatcher

Creates a matcher with the supplied pattern and HTTP method in a case sensitive manner.

AntPathRequestMatcher(String, String, boolean) - Constructor for class org.springframework.security.web.util.matcher.AntPathRequestMatcher

Creates a matcher with the supplied pattern which will match the specified Http method

AntPathRequestMatcher(String, String, boolean, UrlPathHelper) - Constructor for class org.springframework.security.web.util.matcher.AntPathRequestMatcher

Creates a matcher with the supplied pattern which will match the specified Http method

ANY_CHANNEL - Static variable in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl

ANY_MESSAGE - Static variable in interface org.springframework.security.messaging.util.matcher.MessageMatcher

Matches every Message

anyExchange() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec

Always matches

anyExchange() - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry

Maps any request.

anyExchange() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec

Disables authorization.

anyExchange() - Static method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatchers

anyExchange() - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers

Matches any exchange

anyMessage() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry

Deprecated.

Maps any Message to a security expression.

anyMessage() - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder

Maps any Message to a security expression.

anyOf(AuthorizationDecision, AuthorizationManager<T>...) - Static method in class org.springframework.security.authorization.AuthorizationManagers

Creates an AuthorizationManager that grants access if at least one AuthorizationManager granted, if managers are empty or abstained, a default AuthorizationDecision is returned.

anyOf(AuthorizationManager<T>...) - Static method in class org.springframework.security.authorization.AuthorizationManagers

Creates an AuthorizationManager that grants access if at least one AuthorizationManager granted or abstained, if managers are empty then denied decision is returned.

anyOf(RequestMatcher...) - Static method in class org.springframework.security.web.util.matcher.RequestMatchers

Creates a RequestMatcher that matches if at least one of the given RequestMatchers matches, if matchers are empty then the returned matcher never matches.

anyRequest() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec

Matches if PayloadExchangeType.isRequest() is true, else not a match

anyRequest() - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry

Maps any request.

anyRequest() - Static method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatchers

anyRequest() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder

Maps any request.

AnyRequestMatcher - Class in org.springframework.security.web.util.matcher

Matches any supplied request.

ApacheDSContainer - Class in org.springframework.security.ldap.server

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use UnboundIdContainer instead because ApacheDS 1.x is no longer supported with no GA version to replace it.

ApacheDSContainer(String, String) - Constructor for class org.springframework.security.ldap.server.ApacheDSContainer

Deprecated.

appendFilters(ServletContext, Filter...) - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer

Inserts the provided Filters after existing Filters using default generated names, AbstractSecurityWebApplicationInitializer.getSecurityDispatcherTypes(), and AbstractSecurityWebApplicationInitializer.isAsyncSecuritySupported().

apply(C) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use AbstractConfiguredSecurityBuilder.with(SecurityConfigurerAdapter, Customizer) instead.

apply(Row, RowMetadata) - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper

apply(SocketAcceptor) - Method in class org.springframework.security.rsocket.core.PayloadSocketAcceptorInterceptor

apply(SocketAcceptor) - Method in class org.springframework.security.rsocket.core.SecuritySocketAcceptorInterceptor

apply(JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder) - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper

apply(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager.DefaultContextAttributesMapper

apply(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper

apply(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager.DefaultContextAttributesMapper

apply(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper

apply(R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder) - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper

apply(ServerWebExchange) - Method in class org.springframework.security.web.server.ServerFormLoginAuthenticationConverter

Deprecated.

apply(ServerWebExchange) - Method in class org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter

Deprecated.

Argon2PasswordEncoder - Class in org.springframework.security.crypto.argon2

Implementation of PasswordEncoder that uses the Argon2 hashing function.

Argon2PasswordEncoder(int, int, int, int, int) - Constructor for class org.springframework.security.crypto.argon2.Argon2PasswordEncoder

Constructs an Argon2 password encoder with the provided parameters.

asHeader() - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor

Instead of using the CsrfToken as a request parameter (default) will populate the CsrfToken as a header.

AspectJCallback - Interface in org.springframework.security.access.intercept.aspectj

Deprecated.

This class will be removed from the public API. Please either use `spring-security-aspects`, Spring Security's method security support or create your own class that uses Spring AOP annotations.

AspectJMethodSecurityInterceptor - Class in org.springframework.security.access.intercept.aspectj

Deprecated.

This class will be removed from the public API. Please either use `spring-security-aspects`, Spring Security's method security support or create your own class that uses Spring AOP annotations.

AspectJMethodSecurityInterceptor() - Constructor for class org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor

Deprecated.

assertingPartyDetails(Consumer<RelyingPartyRegistration.AssertingPartyDetails.Builder>) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder

Deprecated.

assertingPartyDetails(Consumer<RelyingPartyRegistration.AssertingPartyDetails.Builder>) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder

Deprecated, for removal: This API element is subject to removal in a future version.

Use RelyingPartyRegistration.Builder.assertingPartyMetadata(java.util.function.Consumer<org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder<?>>) instead

assertingPartyMetadata(Consumer<AssertingPartyMetadata.Builder<?>>) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder

Deprecated.

assertingPartyMetadata(Consumer<AssertingPartyMetadata.Builder<?>>) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder

Apply this Consumer to further configure the Asserting Party metadata

AssertingPartyMetadata - Interface in org.springframework.security.saml2.provider.service.registration

An interface representing SAML 2.0 Asserting Party metadata

AssertingPartyMetadata.Builder<B extends AssertingPartyMetadata.Builder<B>> - Interface in org.springframework.security.saml2.provider.service.registration

AssertingPartyMetadataRepository - Interface in org.springframework.security.saml2.provider.service.registration

A repository for retrieving SAML 2.0 Asserting Party Metadata

ASSERTION - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

assertion - used in Access Token Request.

assertionConsumerServiceBinding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder

Deprecated.

assertionConsumerServiceBinding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder

Set the AssertionConsumerService Binding.

assertionConsumerServiceLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder

Deprecated.

assertionConsumerServiceLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder

Set the AssertionConsumerService Location.

AT_HASH - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames

at_hash - the Access Token hash value

ATT_GROUP_ROLE_ATTRIBUTE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

ATT_GROUP_SEARCH_BASE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

ATT_GROUP_SEARCH_FILTER - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

ATT_HASH - Static variable in class org.springframework.security.config.authentication.PasswordEncoderParser

ATT_LDIF_FILE - Static variable in class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser

Optionally defines an ldif resource to be loaded.

ATT_PORT - Static variable in class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser

Defines the port the LDAP_PROVIDER server should run on

ATT_ROOT_SUFFIX - Static variable in class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser

sets the configuration suffix (default is "dc=springframework,dc=org").

ATT_SERVER - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

ATT_USER_SEARCH_BASE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

ATT_USER_SEARCH_FILTER - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

attemptAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter

attemptAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter

attemptAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter

attemptAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Performs actual authentication.

attemptAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

attemptAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationFilter

attemptExitUser(HttpServletRequest) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

Attempt to exit from an already switched user.

attemptSwitchUser(HttpServletRequest) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

Attempt to switch to another user.

attestation(AttestationConveyancePreference) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder

Sets the PublicKeyCredentialCreationOptions.getAttestation() property.

attestationClientDataJSON(Bytes) - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord.ImmutableCredentialRecordBuilder

AttestationConveyancePreference - Class in org.springframework.security.web.webauthn.api

WebAuthn Relying Parties may use AttestationConveyancePreference to specify their preference regarding attestation conveyance during credential generation.

attestationObject(Bytes) - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse.AuthenticatorAssertionResponseBuilder

Set the AuthenticatorAssertionResponse.AuthenticatorAssertionResponseBuilder.attestationObject property

attestationObject(Bytes) - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAttestationResponse.AuthenticatorAttestationResponseBuilder

Sets the AuthenticatorAttestationResponse.getAttestationObject() property.

attestationObject(Bytes) - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord.ImmutableCredentialRecordBuilder

attribute(String, Object) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext.Builder

Sets an attribute associated to the context.

attribute(String, Object) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest.Builder

Sets an attribute associated to the request.

attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext.Builder

Provides a Consumer access to the attributes associated to the context.

attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest.Builder

Provides a Consumer access to the attributes associated to the request.

attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder

A Consumer to be provided access to the attribute(s) allowing the ability to add, replace, or remove.

attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator

Mutate the attributes using the given Consumer

attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator

Mutate the attributes using the given Consumer

attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor

Mutate the attributes using the given Consumer

attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor

Mutate the attributes using the given Consumer

attributes(Map<String, Object>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder

Sets the attributes associated to the request.

Attributes2GrantedAuthoritiesMapper - Interface in org.springframework.security.core.authority.mapping

Interface to be implemented by classes that can map a list of security attributes (such as roles or group names) to a collection of Spring Security GrantedAuthoritys.

AUD - Static variable in class org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimNames

aud - the Audience(s) that the ID Token is intended for

AUD - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames

aud - The intended audience for the token

AUD - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames

aud - the Audience(s) that the ID Token is intended for

AUD - Static variable in class org.springframework.security.oauth2.jwt.JwtClaimNames

aud - the Audience claim identifies the recipient(s) that the JWT is intended for

audience(Collection<String>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder

Use this audience in the resulting OidcLogoutToken

audience(Collection<String>) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder

Use this audience in the resulting OidcIdToken

audience(Collection<String>) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder

Use this audience in the resulting Jwt

audience(List<String>) - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder

Sets the audience (aud) claim, which identifies the recipient(s) that the JWT is intended for.

AUDIENCE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

audience - used in Token Exchange Access Token Request.

AuditableAccessControlEntry - Interface in org.springframework.security.acls.model

Represents an ACE that provides auditing information.

AuditableAcl - Interface in org.springframework.security.acls.model

A mutable ACL that provides audit capabilities.

AuditLogger - Interface in org.springframework.security.acls.domain

Used by AclImpl to log audit events.

AUTH_TIME - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames

auth_time - the time when the End-User authentication occurred

authenticate(Authentication) - Method in class org.springframework.security.access.intercept.RunAsImplAuthenticationProvider

Deprecated.

authenticate(Authentication) - Method in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager

authenticate(Authentication) - Method in class org.springframework.security.authentication.AnonymousAuthenticationProvider

authenticate(Authentication) - Method in interface org.springframework.security.authentication.AuthenticationManager

Attempts to authenticate the passed Authentication object, returning a fully populated Authentication object (including granted authorities) if successful.

authenticate(Authentication) - Method in interface org.springframework.security.authentication.AuthenticationProvider

Performs authentication with the same contract as AuthenticationManager.authenticate(Authentication) .

authenticate(Authentication) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

authenticate(Authentication) - Method in class org.springframework.security.authentication.DelegatingReactiveAuthenticationManager

authenticate(Authentication) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider

Attempts to login the user given the Authentication objects principal and credential

authenticate(Authentication) - Method in class org.springframework.security.authentication.ObservationAuthenticationManager

authenticate(Authentication) - Method in class org.springframework.security.authentication.ObservationReactiveAuthenticationManager

authenticate(Authentication) - Method in class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationProvider

authenticate(Authentication) - Method in class org.springframework.security.authentication.ott.reactive.OneTimeTokenReactiveAuthenticationManager

authenticate(Authentication) - Method in class org.springframework.security.authentication.ProviderManager

Attempts to authenticate the passed Authentication object.

authenticate(Authentication) - Method in interface org.springframework.security.authentication.ReactiveAuthenticationManager

Attempts to authenticate the provided Authentication

authenticate(Authentication) - Method in class org.springframework.security.authentication.ReactiveAuthenticationManagerAdapter

authenticate(Authentication) - Method in class org.springframework.security.authentication.RememberMeAuthenticationProvider

authenticate(Authentication) - Method in class org.springframework.security.authentication.TestingAuthenticationProvider

authenticate(Authentication) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider

authenticate(Authentication) - Method in class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider

authenticate(Authentication) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider

authenticate(Authentication) - Method in class org.springframework.security.ldap.authentication.BindAuthenticator

authenticate(Authentication) - Method in interface org.springframework.security.ldap.authentication.LdapAuthenticator

Authenticates as a user and obtains additional user information from the directory.

authenticate(Authentication) - Method in class org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator

authenticate(Authentication) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationProvider

authenticate(Authentication) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeReactiveAuthenticationManager

authenticate(Authentication) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider

authenticate(Authentication) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginReactiveAuthenticationManager

authenticate(Authentication) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider

authenticate(Authentication) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeReactiveAuthenticationManager

authenticate(Authentication) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider

Decode and validate the Bearer Token.

authenticate(Authentication) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtReactiveAuthenticationManager

authenticate(Authentication) - Method in class org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenAuthenticationProvider

Introspect and validate the opaque Bearer Token and then delegates Authentication instantiation to OpaqueTokenAuthenticationConverter.

authenticate(Authentication) - Method in class org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenReactiveAuthenticationManager

Introspect and validate the opaque Bearer Token and then delegates Authentication instantiation to ReactiveOpaqueTokenAuthenticationConverter.

authenticate(Authentication) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider

Authenticate the given PreAuthenticatedAuthenticationToken.

authenticate(Authentication) - Method in class org.springframework.security.web.server.authentication.ReactivePreAuthenticatedAuthenticationManager

authenticate(Authentication) - Method in class org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationProvider

authenticate(RelyingPartyAuthenticationRequest) - Method in class org.springframework.security.web.webauthn.management.Webauthn4JRelyingPartyOperations

authenticate(RelyingPartyAuthenticationRequest) - Method in interface org.springframework.security.web.webauthn.management.WebAuthnRelyingPartyOperations

Authenticates the RelyingPartyAuthenticationRequest passed in

authenticated() - Static method in class org.springframework.security.authorization.AuthenticatedAuthorizationManager

Creates an instance of AuthenticatedAuthorizationManager.

authenticated() - Static method in class org.springframework.security.authorization.AuthenticatedReactiveAuthorizationManager

Gets an instance of AuthenticatedReactiveAuthorizationManager

authenticated() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access

authenticated() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl

Specify that URLs are allowed by any authenticated user.

authenticated() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl

Deprecated.

Specify that URLs are allowed by any authenticated user.

authenticated() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint

Deprecated.

Specify that Messages are allowed by any authenticated user.

authenticated() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access

Require an authenticated user

authenticated() - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint

Specify that Messages are allowed by any authenticated user.

authenticated() - Static method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers

ResultMatcher that verifies that a specified user is authenticated.

authenticated() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl

Specify that URLs are allowed by any authenticated user.

authenticated(Object, Object, Collection<? extends GrantedAuthority>) - Static method in class org.springframework.security.authentication.UsernamePasswordAuthenticationToken

This factory method can be safely used by any code that wishes to create a authenticated UsernamePasswordAuthenticationToken.

authenticated(Object, Collection<? extends GrantedAuthority>) - Static method in class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken

Creates an unauthenticated token

AuthenticatedAuthorizationManager<T> - Class in org.springframework.security.authorization

An AuthorizationManager that determines if the current user is authenticated.

AuthenticatedAuthorizationManager() - Constructor for class org.springframework.security.authorization.AuthenticatedAuthorizationManager

Creates an instance that determines if the current user is authenticated, this is the same as calling AuthenticatedAuthorizationManager.authenticated() factory method.

AuthenticatedPrincipal - Interface in org.springframework.security.core

Representation of an authenticated Principal once an Authentication request has been successfully authenticated by the AuthenticationManager.authenticate(Authentication) method.

AuthenticatedPrincipalOAuth2AuthorizedClientRepository - Class in org.springframework.security.oauth2.client.web

An implementation of an OAuth2AuthorizedClientRepository that delegates to the provided OAuth2AuthorizedClientService if the current Principal is authenticated, otherwise, to the default (or provided) OAuth2AuthorizedClientRepository if the current request is unauthenticated (or anonymous).

AuthenticatedPrincipalOAuth2AuthorizedClientRepository(OAuth2AuthorizedClientService) - Constructor for class org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository

Constructs a AuthenticatedPrincipalOAuth2AuthorizedClientRepository using the provided parameters.

AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository - Class in org.springframework.security.oauth2.client.web.server

An implementation of an ServerOAuth2AuthorizedClientRepository that delegates to the provided ServerOAuth2AuthorizedClientRepository if the current Principal is authenticated, otherwise, to the default (or provided) ServerOAuth2AuthorizedClientRepository if the current request is unauthenticated (or anonymous).

AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository(ReactiveOAuth2AuthorizedClientService) - Constructor for class org.springframework.security.oauth2.client.web.server.AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository

Creates an instance

AuthenticatedReactiveAuthorizationManager<T> - Class in org.springframework.security.authorization

A ReactiveAuthorizationManager that determines if the current user is authenticated.

authenticatedUserDetailsService(AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken>) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer

Specifies the AuthenticationUserDetailsService that is used with the PreAuthenticatedAuthenticationProvider.

AuthenticatedVoter - Class in org.springframework.security.access.vote

Deprecated.

Use AuthorityAuthorizationManager instead

AuthenticatedVoter() - Constructor for class org.springframework.security.access.vote.AuthenticatedVoter

Deprecated.

authentication(Authentication) - Static method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction

Modifies the ClientRequest.attributes() to include the Authentication used to look up and save the OAuth2AuthorizedClient.

authentication(Authentication) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors

Establish a SecurityContext that uses the specified Authentication for the Authentication.getPrincipal() and a custom UserDetails.

Authentication - Interface in org.springframework.security.core

Represents the token for an authentication request or for an authenticated principal once the request has been processed by the AuthenticationManager.authenticate(Authentication) method.

AUTHENTICATION - Enum constant in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder

A generic placeholder for other types of authentication.

AUTHENTICATION - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder

AUTHENTICATION_EXCEPTION - Static variable in class org.springframework.security.web.WebAttributes

Used to cache an authentication-failure exception in the session.

AUTHENTICATION_MANAGER - Static variable in class org.springframework.security.config.BeanIds

The "global" AuthenticationManager instance, registered by the <authentication-manager> element

AUTHENTICATION_MANAGER - Static variable in class org.springframework.security.config.Elements

AUTHENTICATION_PROVIDER - Static variable in class org.springframework.security.config.Elements

AUTHENTICATION_SCHEME_BASIC - Static variable in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter

AuthenticationConfiguration - Class in org.springframework.security.config.annotation.authentication.configuration

Exports the authentication Configuration

AuthenticationConfiguration() - Constructor for class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration

authenticationContextClass(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder

Use this authentication context class reference in the resulting OidcIdToken

authenticationConverter(OpaqueTokenAuthenticationConverter) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer

authenticationConverter(ReactiveOpaqueTokenAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec

authenticationConverter(AuthenticationConverter) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer

Use this AuthenticationConverter when converting incoming requests to an Authentication.

authenticationConverter(AuthenticationConverter) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer

Use this AuthenticationConverter when converting incoming requests to an Authentication.

authenticationConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec

Sets the converter to use

authenticationConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec

Sets the converter to use

authenticationConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec

Use this ServerAuthenticationConverter when converting incoming requests to an Authentication.

AuthenticationConverter - Interface in org.springframework.security.web.authentication

A strategy used for converting from a HttpServletRequest to an Authentication of particular type.

AuthenticationConverterServerWebExchangeMatcher - Class in org.springframework.security.web.server.authentication

Matches if the ServerAuthenticationConverter can convert a ServerWebExchange to an Authentication.

AuthenticationConverterServerWebExchangeMatcher(ServerAuthenticationConverter) - Constructor for class org.springframework.security.web.server.authentication.AuthenticationConverterServerWebExchangeMatcher

AuthenticationCredentialsNotFoundEvent - Class in org.springframework.security.access.event

Deprecated.

Authentication is now separated from authorization. Consider AbstractAuthenticationFailureEvent instead.

AuthenticationCredentialsNotFoundEvent(Object, Collection<ConfigAttribute>, AuthenticationCredentialsNotFoundException) - Constructor for class org.springframework.security.access.event.AuthenticationCredentialsNotFoundEvent

Deprecated.

Construct the event.

AuthenticationCredentialsNotFoundException - Exception in org.springframework.security.authentication

Thrown if an authentication request is rejected because there is no Authentication object in the SecurityContext.

AuthenticationCredentialsNotFoundException(String) - Constructor for exception org.springframework.security.authentication.AuthenticationCredentialsNotFoundException

Constructs an AuthenticationCredentialsNotFoundException with the specified message.

AuthenticationCredentialsNotFoundException(String, Throwable) - Constructor for exception org.springframework.security.authentication.AuthenticationCredentialsNotFoundException

Constructs an AuthenticationCredentialsNotFoundException with the specified message and root cause.

authenticationDetailsSource - Variable in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

authenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Specifies a custom AuthenticationDetailsSource.

authenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer

Specifies a custom AuthenticationDetailsSource to use for basic authentication.

authenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails>) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer

Specifies the AuthenticationDetailsSource

AuthenticationDetailsSource<C,T> - Interface in org.springframework.security.authentication

Provides a Authentication.getDetails() object for a given web request.

authenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer

Sets the AuthenticationEntryPoint to be used.

authenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer

The AuthenticationEntryPoint to be populated on BasicAuthenticationFilter in the event that authentication fails.

authenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer

authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.ExceptionHandlingSpec

Configures what to do when the application request authentication

authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec

How to request for authentication.

authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec

Allows easily setting the entry point.

authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec

Configures the ServerAuthenticationEntryPoint to use for requests authenticating with Bearer Tokens.

AuthenticationEntryPoint - Interface in org.springframework.security.web

Used by ExceptionTranslationFilter to commence an authentication scheme.

AuthenticationEntryPointFailureHandler - Class in org.springframework.security.web.authentication

Adapts a AuthenticationEntryPoint into a AuthenticationFailureHandler

AuthenticationEntryPointFailureHandler(AuthenticationEntryPoint) - Constructor for class org.springframework.security.web.authentication.AuthenticationEntryPointFailureHandler

authenticationEventPublisher(AuthenticationEventPublisher) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder

Sets the AuthenticationEventPublisher

AuthenticationEventPublisher - Interface in org.springframework.security.authentication

AuthenticationException - Exception in org.springframework.security.core

Abstract superclass for all exceptions related to an Authentication object being invalid for whatever reason.

AuthenticationException(String) - Constructor for exception org.springframework.security.core.AuthenticationException

Constructs an AuthenticationException with the specified message and no root cause.

AuthenticationException(String, Throwable) - Constructor for exception org.springframework.security.core.AuthenticationException

Constructs an AuthenticationException with the specified message and root cause.

AuthenticationExtensionsClientInput<T> - Interface in org.springframework.security.web.webauthn.api

A client extension input entry in the AuthenticationExtensionsClientInputs.

AuthenticationExtensionsClientInputs - Interface in org.springframework.security.web.webauthn.api

AuthenticationExtensionsClientInputs is a dictionary containing the client extension input values for zero or more WebAuthn Extensions.

AuthenticationExtensionsClientOutput<T> - Interface in org.springframework.security.web.webauthn.api

A client extension output entry in AuthenticationExtensionsClientOutputs.

AuthenticationExtensionsClientOutputs - Interface in org.springframework.security.web.webauthn.api

AuthenticationExtensionsClientOutputs is a dictionary containing the client extension output values for zero or more WebAuthn Extensions.

AuthenticationFailureBadCredentialsEvent - Class in org.springframework.security.authentication.event

Application event which indicates authentication failure due to invalid credentials being presented.

AuthenticationFailureBadCredentialsEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent

AuthenticationFailureCredentialsExpiredEvent - Class in org.springframework.security.authentication.event

Application event which indicates authentication failure due to the user's credentials having expired.

AuthenticationFailureCredentialsExpiredEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureCredentialsExpiredEvent

AuthenticationFailureDisabledEvent - Class in org.springframework.security.authentication.event

Application event which indicates authentication failure due to the user's account being disabled.

AuthenticationFailureDisabledEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureDisabledEvent

AuthenticationFailureExpiredEvent - Class in org.springframework.security.authentication.event

Application event which indicates authentication failure due to the user's account having expired.

AuthenticationFailureExpiredEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureExpiredEvent

authenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer

Specifies the AuthenticationFailureHandler to use when authentication fails.

authenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec

Configures how a failed authentication is handled.

authenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec

authenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec

The ServerAuthenticationFailureHandler used after authentication failure.

authenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec

authenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec

Specifies the ServerAuthenticationFailureHandler to use when authentication fails.

AuthenticationFailureHandler - Interface in org.springframework.security.web.authentication

Strategy used to handle a failed authentication attempt.

AuthenticationFailureLockedEvent - Class in org.springframework.security.authentication.event

Application event which indicates authentication failure due to the user's account having been locked.

AuthenticationFailureLockedEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureLockedEvent

AuthenticationFailureProviderNotFoundEvent - Class in org.springframework.security.authentication.event

Application event which indicates authentication failure due to there being no registered AuthenticationProvider that can process the request.

AuthenticationFailureProviderNotFoundEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureProviderNotFoundEvent

AuthenticationFailureProxyUntrustedEvent - Class in org.springframework.security.authentication.event

Application event which indicates authentication failure due to the CAS user's ticket being generated by an untrusted proxy.

AuthenticationFailureProxyUntrustedEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureProxyUntrustedEvent

AuthenticationFailureServiceExceptionEvent - Class in org.springframework.security.authentication.event

Application event which indicates authentication failure due to there being a problem internal to the AuthenticationManager.

AuthenticationFailureServiceExceptionEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureServiceExceptionEvent

authenticationFilter(AnonymousAuthenticationFilter) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer

Sets the AnonymousAuthenticationFilter used to populate an anonymous user.

authenticationFilter(AnonymousAuthenticationWebFilter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec

Sets the AnonymousAuthenticationWebFilter used to populate an anonymous user.

AuthenticationFilter - Class in org.springframework.security.web.authentication

A Filter that performs authentication of a particular request.

AuthenticationFilter(AuthenticationManagerResolver<HttpServletRequest>, AuthenticationConverter) - Constructor for class org.springframework.security.web.authentication.AuthenticationFilter

AuthenticationFilter(AuthenticationManager, AuthenticationConverter) - Constructor for class org.springframework.security.web.authentication.AuthenticationFilter

authenticationIsRequired(String) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter

authenticationManager() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

Deprecated.

Allows providing a custom AuthenticationManager.

authenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configure the default AuthenticationManager.

authenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer

authenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer

authenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer

Allows a configuration of a AuthenticationManager to be used during SAML 2 authentication.

authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity

authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.BasicAuthenticationSpec

authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.JwtSpec

authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.SimpleAuthenticationSpec

authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configure the default authentication manager.

authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec

The ReactiveAuthenticationManager used to authenticate.

authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec

The ReactiveAuthenticationManager used to authenticate.

authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec

Configures the ReactiveAuthenticationManager to use.

authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec

Configures the ReactiveAuthenticationManager to use.

authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec

Configures the ReactiveAuthenticationManager to use

authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec

Specifies ReactiveAuthenticationManager for one time tokens.

authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec

AuthenticationManager - Interface in org.springframework.security.authentication

Processes an Authentication request.

AuthenticationManagerBeanDefinitionParser - Class in org.springframework.security.config.authentication

Registers the central ProviderManager used by the namespace configuration, and allows the configuration of an alias, allowing users to reference it in their beans and clearly see where the name is coming from.

AuthenticationManagerBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser

AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider - Class in org.springframework.security.config.authentication

Provider which doesn't provide any service.

authenticationManagerBuilder(ObjectPostProcessor<Object>, ApplicationContext) - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration

AuthenticationManagerBuilder - Class in org.springframework.security.config.annotation.authentication.builders

SecurityBuilder used to create an AuthenticationManager.

AuthenticationManagerBuilder(ObjectPostProcessor<Object>) - Constructor for class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder

Creates a new instance

AuthenticationManagerFactoryBean - Class in org.springframework.security.config.authentication

Factory bean for the namespace AuthenticationManager, which allows a more meaningful error message to be reported in the NoSuchBeanDefinitionException, if the user has forgotten to declare the <authentication-manager> element.

AuthenticationManagerFactoryBean() - Constructor for class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean

authenticationManagerResolver(AuthenticationManagerResolver<HttpServletRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer

authenticationManagerResolver(ReactiveAuthenticationManagerResolver<ServerWebExchange>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec

Configures the ReactiveAuthenticationManagerResolver

AuthenticationManagerResolver<C> - Interface in org.springframework.security.authentication

An interface for resolving an AuthenticationManager based on the provided context

authenticationMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec

Sets the matcher used for determining if the request is an authentication request.

AuthenticationMethod - Class in org.springframework.security.oauth2.core

The authentication method used when sending bearer access tokens in resource requests to resource servers.

AuthenticationMethod(String) - Constructor for class org.springframework.security.oauth2.core.AuthenticationMethod

Constructs an AuthenticationMethod using the provided value.

authenticationMethods(List<String>) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder

Use these authentication methods in the resulting OidcIdToken

AuthenticationObservationContext - Class in org.springframework.security.authentication

An Observation.Context used during authentications

AuthenticationObservationContext() - Constructor for class org.springframework.security.authentication.AuthenticationObservationContext

AuthenticationObservationConvention - Class in org.springframework.security.authentication

An ObservationConvention for translating authentications into KeyValues.

AuthenticationObservationConvention() - Constructor for class org.springframework.security.authentication.AuthenticationObservationConvention

AuthenticationPayloadExchangeConverter - Class in org.springframework.security.rsocket.authentication

Converts from the PayloadExchange for Authentication Extension.

AuthenticationPayloadExchangeConverter() - Constructor for class org.springframework.security.rsocket.authentication.AuthenticationPayloadExchangeConverter

AuthenticationPayloadInterceptor - Class in org.springframework.security.rsocket.authentication

Uses the provided ReactiveAuthenticationManager to authenticate a Payload.

AuthenticationPayloadInterceptor(ReactiveAuthenticationManager) - Constructor for class org.springframework.security.rsocket.authentication.AuthenticationPayloadInterceptor

Creates a new instance

AuthenticationPrincipal - Annotation Interface in org.springframework.security.core.annotation

Annotation that is used to resolve Authentication.getPrincipal() to a method argument.

AuthenticationPrincipal - Annotation Interface in org.springframework.security.web.bind.annotation

Deprecated.

Use AuthenticationPrincipal instead.

AuthenticationPrincipalArgumentResolver - Class in org.springframework.security.messaging.context

Allows resolving the Authentication.getPrincipal() using the AuthenticationPrincipal annotation.

AuthenticationPrincipalArgumentResolver - Class in org.springframework.security.messaging.handler.invocation.reactive

Allows resolving the Authentication.getPrincipal() using the AuthenticationPrincipal annotation.

AuthenticationPrincipalArgumentResolver - Class in org.springframework.security.web.bind.support

Deprecated.

Use AuthenticationPrincipalArgumentResolver instead.

AuthenticationPrincipalArgumentResolver - Class in org.springframework.security.web.method.annotation

Allows resolving the Authentication.getPrincipal() using the AuthenticationPrincipal annotation.

AuthenticationPrincipalArgumentResolver - Class in org.springframework.security.web.reactive.result.method.annotation

Resolves the Authentication

AuthenticationPrincipalArgumentResolver() - Constructor for class org.springframework.security.messaging.context.AuthenticationPrincipalArgumentResolver

AuthenticationPrincipalArgumentResolver() - Constructor for class org.springframework.security.messaging.handler.invocation.reactive.AuthenticationPrincipalArgumentResolver

AuthenticationPrincipalArgumentResolver() - Constructor for class org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver

Deprecated.

AuthenticationPrincipalArgumentResolver() - Constructor for class org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver

AuthenticationPrincipalArgumentResolver(ReactiveAdapterRegistry) - Constructor for class org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver

authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder

Add authentication based upon the custom AuthenticationProvider that is passed in.

authenticationProvider(AuthenticationProvider) - Method in interface org.springframework.security.config.annotation.authentication.ProviderManagerBuilder

Add authentication based upon the custom AuthenticationProvider that is passed in.

authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer

Sets the AuthenticationProvider used to validate an anonymous user.

authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer

Specifies the AuthenticationProvider to use when authenticating the user.

authenticationProvider(AuthenticationProvider) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder

Allows adding an additional AuthenticationProvider to be used

AuthenticationProvider - Interface in org.springframework.security.authentication

Indicates a class can process a specific Authentication implementation.

AuthenticationProviderBeanDefinitionParser - Class in org.springframework.security.config.authentication

Wraps a UserDetailsService bean with a DaoAuthenticationProvider and registers the latter with the ProviderManager.

AuthenticationProviderBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.AuthenticationProviderBeanDefinitionParser

authenticationRequestResolver(Saml2AuthenticationRequestResolver) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer

Use this Saml2AuthenticationRequestResolver for generating SAML 2.0 Authentication Requests.

authenticationRequestUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer

Deprecated.

Use Saml2LoginConfigurer.authenticationRequestUriQuery(java.lang.String) instead

authenticationRequestUri(String) - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest.Builder

Sets the authenticationRequestUri, a URL that will receive the AuthNRequest message

authenticationRequestUriQuery(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer

Customize the URL that the SAML Authentication Request will be sent to.

AuthenticationServiceException - Exception in org.springframework.security.authentication

Thrown if an authentication request could not be processed due to a system problem.

AuthenticationServiceException(String) - Constructor for exception org.springframework.security.authentication.AuthenticationServiceException

Constructs an AuthenticationServiceException with the specified message.

AuthenticationServiceException(String, Throwable) - Constructor for exception org.springframework.security.authentication.AuthenticationServiceException

Constructs an AuthenticationServiceException with the specified message and root cause.

AuthenticationSuccessEvent - Class in org.springframework.security.authentication.event

Application event which indicates successful authentication.

AuthenticationSuccessEvent(Authentication) - Constructor for class org.springframework.security.authentication.event.AuthenticationSuccessEvent

authenticationSuccessHandler(Consumer<List<ServerAuthenticationSuccessHandler>>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec

Allows customizing the list of ServerAuthenticationSuccessHandler.

authenticationSuccessHandler(Consumer<List<ServerAuthenticationSuccessHandler>>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec

Allows customizing the list of ServerAuthenticationSuccessHandler.

authenticationSuccessHandler(Consumer<List<ServerAuthenticationSuccessHandler>>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec

Allows customizing the list of ServerAuthenticationSuccessHandler.

authenticationSuccessHandler(Consumer<List<ServerAuthenticationSuccessHandler>>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec

Allows customizing the list of ServerAuthenticationSuccessHandler.

authenticationSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer

Specifies the AuthenticationSuccessHandler to be used.

authenticationSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer

Allows control over the destination a remembered user is sent to when they are successfully authenticated.

authenticationSuccessHandler(ServerAuthenticationSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec

The ServerAuthenticationSuccessHandler used after authentication success.

authenticationSuccessHandler(ServerAuthenticationSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec

The ServerAuthenticationSuccessHandler used after authentication success.

authenticationSuccessHandler(ServerAuthenticationSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec

The ServerAuthenticationSuccessHandler used after authentication success.

authenticationSuccessHandler(ServerAuthenticationSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec

Specifies the ServerAuthenticationSuccessHandler

AuthenticationSuccessHandler - Interface in org.springframework.security.web.authentication

Strategy used to handle a successful user authentication.

AuthenticationSwitchUserEvent - Class in org.springframework.security.web.authentication.switchuser

Application event which indicates that a user context switch.

AuthenticationSwitchUserEvent(Authentication, UserDetails) - Constructor for class org.springframework.security.web.authentication.switchuser.AuthenticationSwitchUserEvent

Switch user context event constructor

AuthenticationTag - Class in org.springframework.security.taglibs.authz

An Tag implementation that allows convenient access to the current Authentication object.

AuthenticationTag() - Constructor for class org.springframework.security.taglibs.authz.AuthenticationTag

AuthenticationTrustResolver - Interface in org.springframework.security.authentication

Evaluates Authentication tokens

AuthenticationTrustResolverImpl - Class in org.springframework.security.authentication

Basic implementation of AuthenticationTrustResolver.

AuthenticationTrustResolverImpl() - Constructor for class org.springframework.security.authentication.AuthenticationTrustResolverImpl

authenticationUserDetailsService(AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken>) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer

Specifies the AuthenticationUserDetailsService to use.

AuthenticationUserDetailsService<T extends Authentication> - Interface in org.springframework.security.core.userdetails

Interface that allows for retrieving a UserDetails object based on an Authentication object.

AuthenticationWebFilter - Class in org.springframework.security.web.server.authentication

A WebFilter that performs authentication of a particular request.

AuthenticationWebFilter(ReactiveAuthenticationManager) - Constructor for class org.springframework.security.web.server.authentication.AuthenticationWebFilter

Creates an instance

AuthenticationWebFilter(ReactiveAuthenticationManagerResolver<ServerWebExchange>) - Constructor for class org.springframework.security.web.server.authentication.AuthenticationWebFilter

Creates an instance

AuthenticatorAssertionResponse - Class in org.springframework.security.web.webauthn.api

The AuthenticatorAssertionResponse interface represents an authenticator's response to a client's request for generation of a new authentication assertion given the WebAuthn Relying Party's challenge and OPTIONAL list of credentials it is aware of.

AuthenticatorAssertionResponse.AuthenticatorAssertionResponseBuilder - Class in org.springframework.security.web.webauthn.api

Builds a AuthenticatorAssertionResponse.

authenticatorAttachment(AuthenticatorAttachment) - Method in class org.springframework.security.web.webauthn.api.AuthenticatorSelectionCriteria.AuthenticatorSelectionCriteriaBuilder

Sets the AuthenticatorSelectionCriteria.getAuthenticatorAttachment() property.

authenticatorAttachment(AuthenticatorAttachment) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredential.PublicKeyCredentialBuilder

Sets the PublicKeyCredential.getAuthenticatorAttachment() property.

AuthenticatorAttachment - Class in org.springframework.security.web.webauthn.api

The AuthenticatorAttachment.

AuthenticatorAttestationResponse - Class in org.springframework.security.web.webauthn.api

AuthenticatorAttestationResponse represents the authenticator's response to a client's request for the creation of a new public key credential.

AuthenticatorAttestationResponse.AuthenticatorAttestationResponseBuilder - Class in org.springframework.security.web.webauthn.api

Builds AuthenticatorAssertionResponse.

authenticatorData(Bytes) - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse.AuthenticatorAssertionResponseBuilder

Set the AuthenticatorAssertionResponse.getAuthenticatorData() property

AuthenticatorResponse - Class in org.springframework.security.web.webauthn.api

The AuthenticatorResponse represents Authenticators respond to Relying Party requests.

authenticatorSelection(AuthenticatorSelectionCriteria) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder

Sets the PublicKeyCredentialCreationOptions.getAuthenticatorSelection() property.

AuthenticatorSelectionCriteria - Class in org.springframework.security.web.webauthn.api

AuthenticatorAttachment can be used by WebAuthn Relying Parties to specify their requirements regarding authenticator attributes.

AuthenticatorSelectionCriteria.AuthenticatorSelectionCriteriaBuilder - Class in org.springframework.security.web.webauthn.api

Creates a AuthenticatorSelectionCriteria

AuthenticatorTransport - Class in org.springframework.security.web.webauthn.api

AuthenticatorTransport defines hints as to how clients might communicate with a particular authenticator in order to obtain an assertion for a specific credential.

authnRequestsSigned(Boolean) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder

Deprecated.

authnRequestsSigned(Boolean) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder

Set the AuthnRequestsSigned setting.

authorities() - Element in annotation interface org.springframework.security.test.context.support.WithMockUser

The authorities to use.

authorities(String...) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder

Populates the authorities.

authorities(String...) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer

Sets the Authentication.getAuthorities() for anonymous users

authorities(String...) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec

Sets the Authentication.getAuthorities() for anonymous users

authorities(String...) - Method in class org.springframework.security.core.userdetails.User.UserBuilder

Populates the authorities.

authorities(String...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator

Specifies the GrantedAuthoritys to use.

authorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.core.userdetails.User.UserBuilder

Populates the authorities.

authorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator

Specifies the GrantedAuthoritys to use.

authorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor

Populates the user's GrantedAuthority's.

authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator

Use the provided authorities in the token

authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator

Use the provided authorities in the Authentication

authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator

Use the provided authorities in the Authentication

authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator

Use the provided authorities in the resulting principal

authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor

Use the provided authorities in the token

authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor

Use the provided authorities in the Authentication

authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor

Use the provided authorities in the Authentication

authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor

Use the provided authorities in the resulting principal

authorities(List<? extends GrantedAuthority>) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder

Populates the authorities.

authorities(List<GrantedAuthority>) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer

Sets the Authentication.getAuthorities() for anonymous users

authorities(List<GrantedAuthority>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec

Sets the Authentication.getAuthorities() for anonymous users

authorities(Converter<Jwt, Collection<GrantedAuthority>>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator

Provides the configured Jwt so that custom authorities can be derived from it

authorities(Converter<Jwt, Collection<GrantedAuthority>>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor

Provides the configured Jwt so that custom authorities can be derived from it

authorities(GrantedAuthority...) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder

Populates the authorities.

authorities(GrantedAuthority...) - Method in class org.springframework.security.core.userdetails.User.UserBuilder

Populates the authorities.

authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator

Use the provided authorities in the token

authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator

Use the provided authorities in the Authentication

authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator

Use the provided authorities in the Authentication

authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator

Use the provided authorities in the resulting principal

authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator

Specifies the GrantedAuthoritys to use.

authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor

Use the provided authorities in the token

authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor

Use the provided authorities in the Authentication

authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor

Use the provided authorities in the Authentication

authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor

Use the provided authorities in the resulting principal

authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor

Populates the user's GrantedAuthority's.

AuthoritiesAuthorizationManager - Class in org.springframework.security.authorization

An AuthorizationManager that determines if the current user is authorized by evaluating if the Authentication contains any of the specified authorities.

AuthoritiesAuthorizationManager() - Constructor for class org.springframework.security.authorization.AuthoritiesAuthorizationManager

authoritiesByUsernameQuery(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer

Sets the query to be used for finding a user's authorities by their username.

authoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

Specifies the GrantedAuthoritiesMapper.

AuthorityAuthorizationDecision - Class in org.springframework.security.authorization

Represents an AuthorizationDecision based on a collection of authorities

AuthorityAuthorizationDecision(boolean, Collection<GrantedAuthority>) - Constructor for class org.springframework.security.authorization.AuthorityAuthorizationDecision

AuthorityAuthorizationManager<T> - Class in org.springframework.security.authorization

An AuthorizationManager that determines if the current user is authorized by evaluating if the Authentication contains a specified authority.

AuthorityGranter - Interface in org.springframework.security.authentication.jaas

The AuthorityGranter interface is used to map a given principal to role names.

authorityListToSet(Collection<? extends GrantedAuthority>) - Static method in class org.springframework.security.core.authority.AuthorityUtils

Converts an array of GrantedAuthority objects to a Set.

AuthorityReactiveAuthorizationManager<T> - Class in org.springframework.security.authorization

A ReactiveAuthorizationManager that determines if the current user is authorized by evaluating if the Authentication contains a specified authority.

AuthorityUtils - Class in org.springframework.security.core.authority

Utility method for manipulating GrantedAuthority collections etc.

AUTHORIZATION - Enum constant in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder

Where authorization is placed.

AUTHORIZATION - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder

AUTHORIZATION_CODE - Static variable in class org.springframework.security.oauth2.core.AuthorizationGrantType

AuthorizationAdvisor - Interface in org.springframework.security.authorization.method

An interface that indicates method security advice

AuthorizationAdvisorProxyFactory - Class in org.springframework.security.authorization.method

A proxy factory for applying authorization advice to an arbitrary object.

AuthorizationAdvisorProxyFactory(List<AuthorizationAdvisor>) - Constructor for class org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory

Construct an AuthorizationAdvisorProxyFactory with the provided advisors.

AuthorizationAdvisorProxyFactory.TargetVisitor - Interface in org.springframework.security.authorization.method

An interface to handle how the AuthorizationAdvisorProxyFactory should step through the target's object hierarchy.

AuthorizationChannelInterceptor - Class in org.springframework.security.messaging.access.intercept

Authorizes Message resources using the provided AuthorizationManager

AuthorizationChannelInterceptor(AuthorizationManager<Message<?>>) - Constructor for class org.springframework.security.messaging.access.intercept.AuthorizationChannelInterceptor

Creates a new instance

authorizationCode() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder

Configures support for the authorization_code grant.

authorizationCode() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder

Configures support for the authorization_code grant.

authorizationCode() - Static method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest

Returns a new OAuth2AuthorizationRequest.Builder, initialized with the authorization code grant type.

authorizationCodeGrant() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use OAuth2ClientConfigurer.authorizationCodeGrant(Customizer) instead

authorizationCodeGrant(Customizer<OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer

Configures the OAuth 2.0 Authorization Code Grant.

authorizationCodeHash(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder

Use this authorization code hash in the resulting OidcIdToken

AuthorizationCodeOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client

An implementation of an OAuth2AuthorizedClientProvider for the authorization_code grant.

AuthorizationCodeOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.AuthorizationCodeOAuth2AuthorizedClientProvider

AuthorizationCodeReactiveOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client

An implementation of a ReactiveOAuth2AuthorizedClientProvider for the authorization_code grant.

AuthorizationCodeReactiveOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.AuthorizationCodeReactiveOAuth2AuthorizedClientProvider

AuthorizationContext - Class in org.springframework.security.web.server.authorization

AuthorizationContext(ServerWebExchange) - Constructor for class org.springframework.security.web.server.authorization.AuthorizationContext

AuthorizationContext(ServerWebExchange, Map<String, Object>) - Constructor for class org.springframework.security.web.server.authorization.AuthorizationContext

AuthorizationDecision - Class in org.springframework.security.authorization

AuthorizationDecision(boolean) - Constructor for class org.springframework.security.authorization.AuthorizationDecision

AuthorizationDeniedEvent<T> - Class in org.springframework.security.authorization.event

An ApplicationEvent which indicates failed authorization.

AuthorizationDeniedEvent(Supplier<Authentication>, T, AuthorizationDecision) - Constructor for class org.springframework.security.authorization.event.AuthorizationDeniedEvent

Deprecated.

Please use an AuthorizationResult constructor instead

AuthorizationDeniedEvent(Supplier<Authentication>, T, AuthorizationResult) - Constructor for class org.springframework.security.authorization.event.AuthorizationDeniedEvent

AuthorizationDeniedException - Exception in org.springframework.security.authorization

An AccessDeniedException that contains the AuthorizationResult

AuthorizationDeniedException(String) - Constructor for exception org.springframework.security.authorization.AuthorizationDeniedException

AuthorizationDeniedException(String, AuthorizationResult) - Constructor for exception org.springframework.security.authorization.AuthorizationDeniedException

authorizationEndpoint() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use OAuth2LoginConfigurer.authorizationEndpoint(Customizer) instead

authorizationEndpoint(Customizer<OAuth2LoginConfigurer.AuthorizationEndpointConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

Configures the Authorization Server's Authorization Endpoint.

AuthorizationEvent - Class in org.springframework.security.authorization.event

A parent class for AuthorizationGrantedEvent and AuthorizationDeniedEvent.

AuthorizationEvent(Supplier<Authentication>, Object, AuthorizationDecision) - Constructor for class org.springframework.security.authorization.event.AuthorizationEvent

Construct an AuthorizationEvent

AuthorizationEvent(Supplier<Authentication>, Object, AuthorizationResult) - Constructor for class org.springframework.security.authorization.event.AuthorizationEvent

Construct an AuthorizationEvent

AuthorizationEventPublisher - Interface in org.springframework.security.authorization

A contract for publishing authorization events

AuthorizationFailureEvent - Class in org.springframework.security.access.event

Deprecated.

Use AuthorizationDeniedEvent instead

AuthorizationFailureEvent(Object, Collection<ConfigAttribute>, Authentication, AccessDeniedException) - Constructor for class org.springframework.security.access.event.AuthorizationFailureEvent

Deprecated.

Construct the event.

authorizationFailureHandler(OAuth2AuthorizedClientService) - Static method in class org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor

Provides an OAuth2AuthorizationFailureHandler that handles authentication and authorization failures when communicating to the OAuth 2.0 Resource Server using a OAuth2AuthorizedClientService.

authorizationFailureHandler(OAuth2AuthorizedClientRepository) - Static method in class org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor

Provides an OAuth2AuthorizationFailureHandler that handles authentication and authorization failures when communicating to the OAuth 2.0 Resource Server using a OAuth2AuthorizedClientRepository.

AuthorizationFilter - Class in org.springframework.security.web.access.intercept

An authorization filter that restricts access to the URL using AuthorizationManager.

AuthorizationFilter(AuthorizationManager<HttpServletRequest>) - Constructor for class org.springframework.security.web.access.intercept.AuthorizationFilter

Creates an instance.

AuthorizationGrantedEvent<T> - Class in org.springframework.security.authorization.event

An ApplicationEvent which indicates successful authorization.

AuthorizationGrantedEvent(Supplier<Authentication>, T, AuthorizationDecision) - Constructor for class org.springframework.security.authorization.event.AuthorizationGrantedEvent

Deprecated.

please use a constructor that takes an AuthorizationResult

AuthorizationGrantedEvent(Supplier<Authentication>, T, AuthorizationResult) - Constructor for class org.springframework.security.authorization.event.AuthorizationGrantedEvent

authorizationGrantType(AuthorizationGrantType) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder

Sets the authorization grant type used for the client.

AuthorizationGrantType - Class in org.springframework.security.oauth2.core

An authorization grant is a credential representing the resource owner's authorization (to access it's protected resources) to the client and used by the client to obtain an access token.

AuthorizationGrantType(String) - Constructor for class org.springframework.security.oauth2.core.AuthorizationGrantType

Constructs an AuthorizationGrantType using the provided value.

AuthorizationInterceptorsOrder - Enum Class in org.springframework.security.authorization.method

Ordering of Spring Security's authorization Advisors

AuthorizationManager<T> - Interface in org.springframework.security.authorization

An Authorization manager which can determine if an Authentication has access to a specific object.

AuthorizationManagerAfterMethodInterceptor - Class in org.springframework.security.authorization.method

A MethodInterceptor which can determine if an Authentication has access to the result of an MethodInvocation using an AuthorizationManager

AuthorizationManagerAfterMethodInterceptor(Pointcut, AuthorizationManager<MethodInvocationResult>) - Constructor for class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor

Creates an instance.

AuthorizationManagerAfterReactiveMethodInterceptor - Class in org.springframework.security.authorization.method

A MethodInterceptor which can determine if an Authentication has access to the returned object from the MethodInvocation using the configured ReactiveAuthorizationManager.

AuthorizationManagerAfterReactiveMethodInterceptor(Pointcut, ReactiveAuthorizationManager<MethodInvocationResult>) - Constructor for class org.springframework.security.authorization.method.AuthorizationManagerAfterReactiveMethodInterceptor

Creates an instance.

AuthorizationManagerBeforeMethodInterceptor - Class in org.springframework.security.authorization.method

A MethodInterceptor which uses a AuthorizationManager to determine if an Authentication may invoke the given MethodInvocation

AuthorizationManagerBeforeMethodInterceptor(Pointcut, AuthorizationManager<MethodInvocation>) - Constructor for class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor

Creates an instance.

AuthorizationManagerBeforeReactiveMethodInterceptor - Class in org.springframework.security.authorization.method

A MethodInterceptor which can determine if an Authentication has access to the MethodInvocation using the configured ReactiveAuthorizationManager.

AuthorizationManagerBeforeReactiveMethodInterceptor(Pointcut, ReactiveAuthorizationManager<MethodInvocation>) - Constructor for class org.springframework.security.authorization.method.AuthorizationManagerBeforeReactiveMethodInterceptor

Creates an instance.

AuthorizationManagers - Class in org.springframework.security.authorization

A factory class to create an AuthorizationManager instances.

AuthorizationManagerWebInvocationPrivilegeEvaluator - Class in org.springframework.security.web.access

An implementation of WebInvocationPrivilegeEvaluator which delegates the checks to an instance of AuthorizationManager

AuthorizationManagerWebInvocationPrivilegeEvaluator(AuthorizationManager<HttpServletRequest>) - Constructor for class org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator

AuthorizationManagerWebInvocationPrivilegeEvaluator.HttpServletRequestTransformer - Interface in org.springframework.security.web.access

Used to transform the HttpServletRequest prior to passing it into the AuthorizationManager.

AuthorizationObservationContext<T> - Class in org.springframework.security.authorization

An Observation.Context used during authorizations

AuthorizationObservationContext(T) - Constructor for class org.springframework.security.authorization.AuthorizationObservationContext

AuthorizationObservationConvention - Class in org.springframework.security.authorization

An ObservationConvention for translating authorizations into KeyValues.

AuthorizationObservationConvention() - Constructor for class org.springframework.security.authorization.AuthorizationObservationConvention

AuthorizationPayloadInterceptor - Class in org.springframework.security.rsocket.authorization

Provides authorization of the PayloadExchange.

AuthorizationPayloadInterceptor(ReactiveAuthorizationManager<PayloadExchange>) - Constructor for class org.springframework.security.rsocket.authorization.AuthorizationPayloadInterceptor

AuthorizationProxy - Interface in org.springframework.security.authorization.method

An interface that is typically implemented by Spring Security's AOP support to identify an instance as being proxied by Spring Security.

AuthorizationProxyFactory - Interface in org.springframework.security.authorization

A factory for wrapping arbitrary objects in authorization-related advice

authorizationRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer

Sets the redirect strategy for Authorization Endpoint redirect URI.

authorizationRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig

Sets the redirect strategy for Authorization Endpoint redirect URI.

authorizationRedirectStrategy(ServerRedirectStrategy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec

Sets the redirect strategy for Authorization Endpoint redirect URI.

authorizationRedirectStrategy(ServerRedirectStrategy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec

Sets the redirect strategy for Authorization Endpoint redirect URI.

authorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer

Sets the repository used for storing OAuth2AuthorizationRequest's.

authorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig

Sets the repository used for storing OAuth2AuthorizationRequest's.

authorizationRequestRepository(ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec

Sets the repository to use for storing OAuth2AuthorizationRequest's.

authorizationRequestRepository(ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec

Sets the repository to use for storing OAuth2AuthorizationRequest's.

AuthorizationRequestRepository<T extends OAuth2AuthorizationRequest> - Interface in org.springframework.security.oauth2.client.web

Implementations of this interface are responsible for the persistence of OAuth2AuthorizationRequest between requests.

authorizationRequestResolver(OAuth2AuthorizationRequestResolver) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer

Sets the resolver used for resolving OAuth2AuthorizationRequest's.

authorizationRequestResolver(OAuth2AuthorizationRequestResolver) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig

Sets the resolver used for resolving OAuth2AuthorizationRequest's.

authorizationRequestResolver(ServerOAuth2AuthorizationRequestResolver) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec

Sets the resolver used for resolving OAuth2AuthorizationRequest's.

authorizationRequestResolver(ServerOAuth2AuthorizationRequestResolver) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec

Sets the resolver used for resolving OAuth2AuthorizationRequest's.

authorizationRequestUri(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder

Sets the URI string representation of the OAuth 2.0 Authorization Request.

authorizationRequestUri(Function<UriBuilder, URI>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder

A Function to be provided a UriBuilder representation of the OAuth 2.0 Authorization Request allowing for further customizations.

AuthorizationResult - Interface in org.springframework.security.authorization

Represents an authorization result

AuthorizationServiceException - Exception in org.springframework.security.access

Thrown if an authorization request could not be processed due to a system problem.

AuthorizationServiceException(String) - Constructor for exception org.springframework.security.access.AuthorizationServiceException

Constructs an AuthorizationServiceException with the specified message.

AuthorizationServiceException(String, Throwable) - Constructor for exception org.springframework.security.access.AuthorizationServiceException

Constructs an AuthorizationServiceException with the specified message and root cause.

authorizationUri(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder

Sets the uri for the authorization endpoint.

authorizationUri(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder

Sets the uri for the authorization endpoint.

AuthorizationWebFilter - Class in org.springframework.security.web.server.authorization

AuthorizationWebFilter(ReactiveAuthorizationManager<? super ServerWebExchange>) - Constructor for class org.springframework.security.web.server.authorization.AuthorizationWebFilter

authorize() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag

Make an authorization decision by considering all <authorize> tag attributes.

authorize(Supplier<Authentication>, T) - Method in interface org.springframework.security.authorization.AuthorizationManager

Determines if access is granted for a specific authentication and object.

authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.AuthorizationCodeOAuth2AuthorizedClientProvider

Attempt to authorize the client in the provided context.

authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.AuthorizationCodeReactiveOAuth2AuthorizedClientProvider

Attempt to authorize the client in the provided context.

authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.ClientCredentialsOAuth2AuthorizedClientProvider

Attempt to authorize (or re-authorize) the client in the provided context.

authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.ClientCredentialsReactiveOAuth2AuthorizedClientProvider

Attempt to authorize (or re-authorize) the client in the provided context.

authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.DelegatingOAuth2AuthorizedClientProvider

authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.DelegatingReactiveOAuth2AuthorizedClientProvider

authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.JwtBearerOAuth2AuthorizedClientProvider

Attempt to authorize (or re-authorize) the client in the provided context.

authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.JwtBearerReactiveOAuth2AuthorizedClientProvider

Attempt to authorize (or re-authorize) the client in the provided context.

authorize(OAuth2AuthorizationContext) - Method in interface org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider

Attempt to authorize (or re-authorize) the client in the provided context.

authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.PasswordOAuth2AuthorizedClientProvider

Deprecated.

Attempt to authorize (or re-authorize) the client in the provided context.

authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.PasswordReactiveOAuth2AuthorizedClientProvider

Deprecated.

Attempt to authorize (or re-authorize) the client in the provided context.

authorize(OAuth2AuthorizationContext) - Method in interface org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProvider

Attempt to authorize (or re-authorize) the client in the provided context.

authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.RefreshTokenOAuth2AuthorizedClientProvider

Attempt to re-authorize the client in the provided context.

authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.RefreshTokenReactiveOAuth2AuthorizedClientProvider

Attempt to re-authorize the client in the provided context.

authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.TokenExchangeOAuth2AuthorizedClientProvider

Attempt to authorize (or re-authorize) the client in the provided context.

authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.TokenExchangeReactiveOAuth2AuthorizedClientProvider

Attempt to authorize (or re-authorize) the client in the provided context.

authorize(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager

authorize(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager

authorize(OAuth2AuthorizeRequest) - Method in interface org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager

Attempt to authorize or re-authorize (if required) the client identified by the provided clientRegistrationId.

authorize(OAuth2AuthorizeRequest) - Method in interface org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientManager

Attempt to authorize or re-authorize (if required) the client identified by the provided clientRegistrationId.

authorize(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager

authorize(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager

authorize(Mono<Authentication>, T) - Method in interface org.springframework.security.authorization.ReactiveAuthorizationManager

Determines if access is granted for a specific authentication and object.

authorizedClientParametersMapper - Variable in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService

authorizedClientParametersMapper - Variable in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService

authorizedClientRepository(OAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer

Sets the repository for authorized client(s).

authorizedClientRepository(OAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

Sets the repository for authorized client(s).

authorizedClientRepository(ServerOAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec

Configures the ReactiveClientRegistrationRepository.

authorizedClientRepository(ServerOAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec

authorizedClientRowMapper - Variable in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService

authorizedClientRowMapper - Variable in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService

authorizedClientService(OAuth2AuthorizedClientService) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer

Sets the service for authorized client(s).

authorizedClientService(OAuth2AuthorizedClientService) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

Sets the service for authorized client(s).

authorizedClientService(ReactiveOAuth2AuthorizedClientService) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec

AuthorizedClientServiceOAuth2AuthorizedClientManager - Class in org.springframework.security.oauth2.client

An implementation of an OAuth2AuthorizedClientManager that is capable of operating outside of the context of a HttpServletRequest, e.g.

AuthorizedClientServiceOAuth2AuthorizedClientManager(ClientRegistrationRepository, OAuth2AuthorizedClientService) - Constructor for class org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager

Constructs an AuthorizedClientServiceOAuth2AuthorizedClientManager using the provided parameters.

AuthorizedClientServiceOAuth2AuthorizedClientManager.DefaultContextAttributesMapper - Class in org.springframework.security.oauth2.client

The default implementation of the contextAttributesMapper.

AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager - Class in org.springframework.security.oauth2.client

An implementation of a ReactiveOAuth2AuthorizedClientManager that is capable of operating outside of the context of a ServerWebExchange, e.g.

AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(ReactiveClientRegistrationRepository, ReactiveOAuth2AuthorizedClientService) - Constructor for class org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager

Constructs an AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager using the provided parameters.

AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper - Class in org.springframework.security.oauth2.client

The default implementation of the contextAttributesMapper.

AuthorizedEvent - Class in org.springframework.security.access.event

Deprecated.

Use AuthorizationGrantedEvent instead

AuthorizedEvent(Object, Collection<ConfigAttribute>, Authentication) - Constructor for class org.springframework.security.access.event.AuthorizedEvent

Deprecated.

Construct the event.

authorizedParty(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder

Use this authorized party in the resulting OidcIdToken

authorizeExchange() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.authorizeExchange(Customizer) or authorizeExchange(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

authorizeExchange(Customizer<ServerHttpSecurity.AuthorizeExchangeSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures authorization.

AuthorizeExchangeSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec

authorizeHttpRequests() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HttpSecurity.authorizeHttpRequests(Customizer) instead

authorizeHttpRequests(Customizer<AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows restricting access based upon the HttpServletRequest using RequestMatcher implementations (i.e.

AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Adds a URL based authorization using AuthorizationManager.

AuthorizeHttpRequestsConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer

Creates an instance.

AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry - Class in org.springframework.security.config.annotation.web.configurers

Registry for mapping a RequestMatcher to an AuthorizationManager.

AuthorizeHttpRequestsConfigurer.AuthorizedUrl - Class in org.springframework.security.config.annotation.web.configurers

An object that allows configuring the AuthorizationManager for RequestMatchers.

AuthorizeHttpRequestsConfigurer.AuthorizedUrl.AuthorizedUrlVariable - Class in org.springframework.security.config.annotation.web.configurers

An object that allows configuring RequestMatchers with URI path variables

authorizePayload(Customizer<RSocketSecurity.AuthorizePayloadsSpec>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity

AuthorizePayloadsSpec() - Constructor for class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec

authorizeRequests() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HttpSecurity.authorizeHttpRequests(Customizer) instead

authorizeRequests(Customizer<ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HttpSecurity.authorizeHttpRequests(Customizer) instead

AuthorizeReturnObject - Annotation Interface in org.springframework.security.authorization.method

Wraps Spring Security method authorization advice around the return object of any method this annotation is applied to.

AuthorizeReturnObjectCoreHintsRegistrar - Class in org.springframework.security.aot.hint

A SecurityHintsRegistrar that scans all beans for methods that use AuthorizeReturnObject and registers those return objects as TypeHints.

AuthorizeReturnObjectCoreHintsRegistrar(AuthorizationProxyFactory) - Constructor for class org.springframework.security.aot.hint.AuthorizeReturnObjectCoreHintsRegistrar

AuthorizeReturnObjectDataHintsRegistrar - Class in org.springframework.security.data.aot.hint

A SecurityHintsRegistrar that scans all beans for implementations of RepositoryFactoryBeanSupport, registering the corresponding entity class as a TypeHint should any if that repository's method use AuthorizeReturnObject.

AuthorizeReturnObjectDataHintsRegistrar(AuthorizationProxyFactory) - Constructor for class org.springframework.security.data.aot.hint.AuthorizeReturnObjectDataHintsRegistrar

AuthorizeReturnObjectHintsRegistrar - Class in org.springframework.security.aot.hint

A SecurityHintsRegistrar implementation that registers only the classes provided in the constructor.

AuthorizeReturnObjectHintsRegistrar(AuthorizationProxyFactory, Class<?>...) - Constructor for class org.springframework.security.aot.hint.AuthorizeReturnObjectHintsRegistrar

AuthorizeReturnObjectHintsRegistrar(AuthorizationProxyFactory, List<Class<?>>) - Constructor for class org.springframework.security.aot.hint.AuthorizeReturnObjectHintsRegistrar

Construct this registrar

AuthorizeReturnObjectMethodInterceptor - Class in org.springframework.security.authorization.method

A method interceptor that applies the given AuthorizationProxyFactory to any return value annotated with AuthorizeReturnObject

AuthorizeReturnObjectMethodInterceptor(AuthorizationProxyFactory) - Constructor for class org.springframework.security.authorization.method.AuthorizeReturnObjectMethodInterceptor

authorizeUsingAccessExpression() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag

Make an authorization decision based on a Spring EL expression.

authorizeUsingUrlCheck() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag

Make an authorization decision based on the URL and HTTP method attributes.

authTime(Instant) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder

Use this authentication Instant in the resulting OidcIdToken

autoLogin(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.NullRememberMeServices

autoLogin(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

Template implementation which locates the Spring Security cookie, decodes it into a delimited array of tokens and submits it to subclasses for processing via the processAutoLoginCookie method.

autoLogin(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.authentication.RememberMeServices

This method will be called whenever the SecurityContextHolder does not contain an Authentication object and Spring Security wishes to provide an implementation with an opportunity to authenticate the request using remember-me capabilities.

AutowiredWebSecurityConfigurersIgnoreParents - Class in org.springframework.security.config.annotation.web.configuration

A class used to get all the WebSecurityConfigurer instances from the current ApplicationContext but ignoring the parent.

awaitTermination(long, TimeUnit) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService

AZP - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames

azp - the Authorized party to which the ID Token was issued

B

backChannel(Customizer<OidcLogoutConfigurer.BackChannelLogoutConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer

Configure OIDC Back-Channel Logout using the provided Consumer

backChannel(Customizer<ServerHttpSecurity.OidcLogoutSpec.BackChannelLogoutConfigurer>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec

Configure OIDC Back-Channel Logout using the provided Consumer

BackChannelLogoutConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer.BackChannelLogoutConfigurer

BackChannelLogoutConfigurer() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec.BackChannelLogoutConfigurer

backupEligible(boolean) - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord.ImmutableCredentialRecordBuilder

backupState(boolean) - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord.ImmutableCredentialRecordBuilder

BadCredentialsException - Exception in org.springframework.security.authentication

Thrown if an authentication request is rejected because the credentials are invalid.

BadCredentialsException(String) - Constructor for exception org.springframework.security.authentication.BadCredentialsException

Constructs a BadCredentialsException with the specified message.

BadCredentialsException(String, Throwable) - Constructor for exception org.springframework.security.authentication.BadCredentialsException

Constructs a BadCredentialsException with the specified message and root cause.

BadJwtException - Exception in org.springframework.security.oauth2.jwt

An exception similar to BadCredentialsException that indicates a Jwt that is invalid in some way.

BadJwtException(String) - Constructor for exception org.springframework.security.oauth2.jwt.BadJwtException

BadJwtException(String, Throwable) - Constructor for exception org.springframework.security.oauth2.jwt.BadJwtException

BadOpaqueTokenException - Exception in org.springframework.security.oauth2.server.resource.introspection

An exception similar to BadCredentialsException that indicates an opaque token that is invalid in some way.

BadOpaqueTokenException(String) - Constructor for exception org.springframework.security.oauth2.server.resource.introspection.BadOpaqueTokenException

BadOpaqueTokenException(String, Throwable) - Constructor for exception org.springframework.security.oauth2.server.resource.introspection.BadOpaqueTokenException

Base64 - Class in org.springframework.security.crypto.codec

Deprecated.

Use java.util.Base64

Base64StringKeyGenerator - Class in org.springframework.security.crypto.keygen

A StringKeyGenerator that generates base64-encoded String keys.

Base64StringKeyGenerator() - Constructor for class org.springframework.security.crypto.keygen.Base64StringKeyGenerator

Creates an instance with keyLength of 32 bytes and standard Base64 encoding.

Base64StringKeyGenerator(int) - Constructor for class org.springframework.security.crypto.keygen.Base64StringKeyGenerator

Creates an instance with the provided key length in bytes and standard Base64 encoding.

Base64StringKeyGenerator(Base64.Encoder) - Constructor for class org.springframework.security.crypto.keygen.Base64StringKeyGenerator

Creates an instance with keyLength of 32 bytes and the provided encoder.

Base64StringKeyGenerator(Base64.Encoder, int) - Constructor for class org.springframework.security.crypto.keygen.Base64StringKeyGenerator

Creates an instance with the provided key length and encoder.

BasePermission - Class in org.springframework.security.acls.domain

A set of standard permissions.

BasePermission(int) - Constructor for class org.springframework.security.acls.domain.BasePermission

BasePermission(int, char) - Constructor for class org.springframework.security.acls.domain.BasePermission

baseUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig

Sets the base URI used for authorization requests.

baseUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.RedirectionEndpointConfig

Sets the URI where the authorization response will be processed.

BASIC - Static variable in class org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter

Deprecated.

BASIC_AUTH - Static variable in class org.springframework.security.config.Elements

BASIC_AUTHENTICATION - Enum constant in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder

Where basic authentication is placed.

BASIC_AUTHENTICATION_MIME_TYPE - Static variable in class org.springframework.security.rsocket.metadata.UsernamePasswordMetadata

Deprecated.

Basic did not evolve into the standard. Instead use Simple Authentication MimeTypeUtils.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString())

basicAuthentication(Customizer<RSocketSecurity.BasicAuthenticationSpec>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity

Deprecated.

Use RSocketSecurity.simpleAuthentication(Customizer)

BasicAuthenticationConverter - Class in org.springframework.security.web.authentication.www

Converts from a HttpServletRequest to UsernamePasswordAuthenticationToken that can be authenticated.

BasicAuthenticationConverter() - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationConverter

BasicAuthenticationConverter(AuthenticationDetailsSource<HttpServletRequest, ?>) - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationConverter

BasicAuthenticationDecoder - Class in org.springframework.security.rsocket.metadata

Deprecated.

Basic Authentication did not evolve into a standard. Use Simple Authentication instead.

BasicAuthenticationDecoder() - Constructor for class org.springframework.security.rsocket.metadata.BasicAuthenticationDecoder

Deprecated.

BasicAuthenticationEncoder - Class in org.springframework.security.rsocket.metadata

Deprecated.

Basic Authentication did not evolve into a standard. use SimpleAuthenticationEncoder

BasicAuthenticationEncoder() - Constructor for class org.springframework.security.rsocket.metadata.BasicAuthenticationEncoder

Deprecated.

BasicAuthenticationEntryPoint - Class in org.springframework.security.web.authentication.www

Used by the ExceptionTranslationFilter to commence authentication via the BasicAuthenticationFilter.

BasicAuthenticationEntryPoint() - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint

BasicAuthenticationFilter - Class in org.springframework.security.web.authentication.www

Processes a HTTP request's BASIC authorization headers, putting the result into the SecurityContextHolder.

BasicAuthenticationFilter(AuthenticationManager) - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationFilter

Creates an instance which will authenticate against the supplied AuthenticationManager and which will ignore failed authentication attempts, allowing the request to proceed down the filter chain.

BasicAuthenticationFilter(AuthenticationManager, AuthenticationEntryPoint) - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationFilter

Creates an instance which will authenticate against the supplied AuthenticationManager and use the supplied AuthenticationEntryPoint to handle authentication failures.

BasicAuthenticationPayloadExchangeConverter - Class in org.springframework.security.rsocket.authentication

Converts from the PayloadExchange to a UsernamePasswordAuthenticationToken by extracting UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE from the metadata.

BasicAuthenticationPayloadExchangeConverter() - Constructor for class org.springframework.security.rsocket.authentication.BasicAuthenticationPayloadExchangeConverter

BasicLookupStrategy - Class in org.springframework.security.acls.jdbc

Performs lookups in a manner that is compatible with ANSI SQL.

BasicLookupStrategy(DataSource, AclCache, AclAuthorizationStrategy, AuditLogger) - Constructor for class org.springframework.security.acls.jdbc.BasicLookupStrategy

Constructor accepting mandatory arguments

BasicLookupStrategy(DataSource, AclCache, AclAuthorizationStrategy, PermissionGrantingStrategy) - Constructor for class org.springframework.security.acls.jdbc.BasicLookupStrategy

Creates a new instance

BCrypt - Class in org.springframework.security.crypto.bcrypt

BCrypt implements OpenBSD-style Blowfish password hashing using the scheme described in "A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres.

BCrypt() - Constructor for class org.springframework.security.crypto.bcrypt.BCrypt

BCryptPasswordEncoder - Class in org.springframework.security.crypto.bcrypt

Implementation of PasswordEncoder that uses the BCrypt strong hashing function.

BCryptPasswordEncoder() - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder

BCryptPasswordEncoder(int) - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder

BCryptPasswordEncoder(int, SecureRandom) - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder

BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion) - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder

BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion, int) - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder

BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion, int, SecureRandom) - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder

BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion, SecureRandom) - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder

BCryptPasswordEncoder.BCryptVersion - Enum Class in org.springframework.security.crypto.bcrypt

Stores the default bcrypt version for use in configuration.

BeanIds - Class in org.springframework.security.config

Contains globally used default Bean IDs for beans created by the namespace support in Spring Security 2.

BeanIds() - Constructor for class org.springframework.security.config.BeanIds

BEARER - Static variable in class org.springframework.security.oauth2.core.OAuth2AccessToken.TokenType

BEARER_AUTHENTICATION_MIME_TYPE - Static variable in class org.springframework.security.rsocket.metadata.BearerTokenMetadata

Deprecated.

Basic did not evolve into the standard. Instead use Simple Authentication MimeTypeUtils.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString())

BearerPayloadExchangeConverter - Class in org.springframework.security.rsocket.authentication

Converts from the PayloadExchange to a BearerTokenAuthenticationToken by extracting BearerTokenMetadata.BEARER_AUTHENTICATION_MIME_TYPE from the metadata.

BearerPayloadExchangeConverter() - Constructor for class org.springframework.security.rsocket.authentication.BearerPayloadExchangeConverter

bearerToken(String) - Static method in class org.springframework.security.web.http.SecurityHeaders

Sets the provided value as a Bearer token in a header with the name of HttpHeaders.AUTHORIZATION

BearerTokenAccessDeniedHandler - Class in org.springframework.security.oauth2.server.resource.web.access

Translates any AccessDeniedException into an HTTP response in accordance with RFC 6750 Section 3: The WWW-Authenticate.

BearerTokenAccessDeniedHandler() - Constructor for class org.springframework.security.oauth2.server.resource.web.access.BearerTokenAccessDeniedHandler

BearerTokenAuthentication - Class in org.springframework.security.oauth2.server.resource.authentication

An Authentication token that represents a successful authentication as obtained through a bearer token.

BearerTokenAuthentication(OAuth2AuthenticatedPrincipal, OAuth2AccessToken, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication

Constructs a BearerTokenAuthentication with the provided arguments

BearerTokenAuthenticationEncoder - Class in org.springframework.security.rsocket.metadata

Encodes Bearer Authentication.

BearerTokenAuthenticationEncoder() - Constructor for class org.springframework.security.rsocket.metadata.BearerTokenAuthenticationEncoder

BearerTokenAuthenticationEntryPoint - Class in org.springframework.security.oauth2.server.resource.web

An AuthenticationEntryPoint implementation used to commence authentication of protected resource requests using BearerTokenAuthenticationFilter.

BearerTokenAuthenticationEntryPoint() - Constructor for class org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint

BearerTokenAuthenticationFilter - Class in org.springframework.security.oauth2.server.resource.web.authentication

Authenticates requests that contain an OAuth 2.0 Bearer Token.

BearerTokenAuthenticationFilter - Class in org.springframework.security.oauth2.server.resource.web

Deprecated.

Use BearerTokenAuthenticationFilter instead

BearerTokenAuthenticationFilter(AuthenticationManager) - Constructor for class org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter

Construct a BearerTokenAuthenticationFilter using the provided parameter(s)

BearerTokenAuthenticationFilter(AuthenticationManager) - Constructor for class org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter

Deprecated.

Construct a BearerTokenAuthenticationFilter using the provided parameter(s)

BearerTokenAuthenticationFilter(AuthenticationManagerResolver<HttpServletRequest>) - Constructor for class org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter

Construct a BearerTokenAuthenticationFilter using the provided parameter(s)

BearerTokenAuthenticationFilter(AuthenticationManagerResolver<HttpServletRequest>) - Constructor for class org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter

Deprecated.

Construct a BearerTokenAuthenticationFilter using the provided parameter(s)

BearerTokenAuthenticationToken - Class in org.springframework.security.oauth2.server.resource.authentication

An Authentication that contains a Bearer Token.

BearerTokenAuthenticationToken - Class in org.springframework.security.oauth2.server.resource

Deprecated.

Please use BearerTokenAuthenticationToken

BearerTokenAuthenticationToken(String) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken

Create a BearerTokenAuthenticationToken using the provided parameter(s)

BearerTokenAuthenticationToken(String) - Constructor for class org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken

Deprecated.

Create a BearerTokenAuthenticationToken using the provided parameter(s)

bearerTokenConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec

Configures the ServerAuthenticationConverter to use for requests authenticating with Bearer Tokens.

BearerTokenError - Class in org.springframework.security.oauth2.server.resource

A representation of a Bearer Token Error.

BearerTokenError(String, HttpStatus, String, String) - Constructor for class org.springframework.security.oauth2.server.resource.BearerTokenError

Create a BearerTokenError using the provided parameters

BearerTokenError(String, HttpStatus, String, String, String) - Constructor for class org.springframework.security.oauth2.server.resource.BearerTokenError

Create a BearerTokenError using the provided parameters

BearerTokenErrorCodes - Class in org.springframework.security.oauth2.server.resource

Standard error codes defined by the OAuth 2.0 Authorization Framework: Bearer Token Usage.

BearerTokenErrors - Class in org.springframework.security.oauth2.server.resource

A factory for creating BearerTokenError instances that correspond to the registered Bearer Token Error Codes.

BearerTokenMetadata - Class in org.springframework.security.rsocket.metadata

Represents a bearer token that has been encoded into a Payload#metadata().

BearerTokenMetadata(String) - Constructor for class org.springframework.security.rsocket.metadata.BearerTokenMetadata

bearerTokenResolver(BearerTokenResolver) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer

BearerTokenResolver - Interface in org.springframework.security.oauth2.server.resource.web

A strategy for resolving Bearer Tokens from the HttpServletRequest.

BearerTokenServerAccessDeniedHandler - Class in org.springframework.security.oauth2.server.resource.web.access.server

Translates any AccessDeniedException into an HTTP response in accordance with RFC 6750 Section 3: The WWW-Authenticate.

BearerTokenServerAccessDeniedHandler() - Constructor for class org.springframework.security.oauth2.server.resource.web.access.server.BearerTokenServerAccessDeniedHandler

BearerTokenServerAuthenticationEntryPoint - Class in org.springframework.security.oauth2.server.resource.web.server

An AuthenticationEntryPoint implementation used to commence authentication of protected resource requests using BearerTokenAuthenticationFilter.

BearerTokenServerAuthenticationEntryPoint() - Constructor for class org.springframework.security.oauth2.server.resource.web.server.BearerTokenServerAuthenticationEntryPoint

before(Authentication, MethodInvocation, PreInvocationAttribute) - Method in class org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice

Deprecated.

before(Authentication, MethodInvocation, PreInvocationAttribute) - Method in interface org.springframework.security.access.prepost.PreInvocationAuthorizationAdvice

Deprecated.

The "before" advice which should be executed to perform any filtering necessary and to decide whether the method call is authorised.

beforeConcurrentHandling(NativeWebRequest, Callable<T>) - Method in class org.springframework.security.web.context.request.async.SecurityContextCallableProcessingInterceptor

beforeConfigure() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Invoked prior to invoking each SecurityConfigurer.configure(SecurityBuilder) method.

beforeConfigure() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

beforeHandle(Message<?>, MessageChannel, MessageHandler) - Method in class org.springframework.security.messaging.context.SecurityContextChannelInterceptor

beforeHandle(Message<?>, MessageChannel, MessageHandler) - Method in class org.springframework.security.messaging.context.SecurityContextPropagationChannelInterceptor

beforeHandshake(ServerHttpRequest, ServerHttpResponse, WebSocketHandler, Map<String, Object>) - Method in class org.springframework.security.messaging.web.socket.server.CsrfTokenHandshakeInterceptor

beforeInit() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Invoked prior to invoking each SecurityConfigurer.init(SecurityBuilder) method.

beforeInvocation(Object) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor

Deprecated.

beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.CsrfMutator

beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator

beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator

beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator

beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator

beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator

beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator

beforeSpringSecurityFilterChain(ServletContext) - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer

Invoked before the springSecurityFilterChain is added.

beforeTestClass(TestContext) - Method in class org.springframework.security.test.context.support.ReactorContextTestExecutionListener

beforeTestExecution(TestContext) - Method in class org.springframework.security.test.context.support.ReactorContextTestExecutionListener

beforeTestExecution(TestContext) - Method in class org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener

If configured before test execution sets the SecurityContext

beforeTestMethod(TestContext) - Method in class org.springframework.security.test.context.support.ReactorContextTestExecutionListener

beforeTestMethod(TestContext) - Method in class org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener

Sets up the SecurityContext for each test method.

BindAuthenticator - Class in org.springframework.security.ldap.authentication

An authenticator which binds as a user.

BindAuthenticator(BaseLdapPathContextSource) - Constructor for class org.springframework.security.ldap.authentication.BindAuthenticator

Create an initialized instance using the BaseLdapPathContextSource provided.

binding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.Builder

Use this SAML 2.0 Message Binding By default, the asserting party's configured binding is used

binding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse.Builder

Use this SAML 2.0 Message Binding By default, the asserting party's configured binding is used

birthdate(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder

Use this birthdate in the resulting OidcUserInfo

BIRTHDATE - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames

birthdate - the user's birth date

BLE - Static variable in class org.springframework.security.web.webauthn.api.AuthenticatorTransport

ble Indicates the respective authenticator can be contacted over Bluetooth Smart (Bluetooth Low Energy / BLE).

BouncyCastleAesCbcBytesEncryptor - Class in org.springframework.security.crypto.encrypt

An Encryptor equivalent to AesBytesEncryptor using AesBytesEncryptor.CipherAlgorithm.CBC that uses Bouncy Castle instead of JCE.

BouncyCastleAesCbcBytesEncryptor(String, CharSequence) - Constructor for class org.springframework.security.crypto.encrypt.BouncyCastleAesCbcBytesEncryptor

BouncyCastleAesCbcBytesEncryptor(String, CharSequence, BytesKeyGenerator) - Constructor for class org.springframework.security.crypto.encrypt.BouncyCastleAesCbcBytesEncryptor

BouncyCastleAesGcmBytesEncryptor - Class in org.springframework.security.crypto.encrypt

An Encryptor equivalent to AesBytesEncryptor using AesBytesEncryptor.CipherAlgorithm.GCM that uses Bouncy Castle instead of JCE.

BouncyCastleAesGcmBytesEncryptor(String, CharSequence) - Constructor for class org.springframework.security.crypto.encrypt.BouncyCastleAesGcmBytesEncryptor

BouncyCastleAesGcmBytesEncryptor(String, CharSequence, BytesKeyGenerator) - Constructor for class org.springframework.security.crypto.encrypt.BouncyCastleAesGcmBytesEncryptor

build() - Method in class org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl.Builder

Builds and returns a RoleHierarchyImpl describing the defined role hierarchy.

build() - Method in class org.springframework.security.config.annotation.AbstractSecurityBuilder

build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec

build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.BasicAuthenticationSpec

build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity

build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.JwtSpec

build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.SimpleAuthenticationSpec

build() - Method in interface org.springframework.security.config.annotation.SecurityBuilder

Builds the object and returns it or null.

build() - Method in class org.springframework.security.config.observation.SecurityObservationSettings.Builder

build() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Builds the SecurityWebFilterChain

build() - Method in class org.springframework.security.core.userdetails.User.UserBuilder

build() - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder

build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext.Builder

Builds a new OAuth2AuthorizationContext.

build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.AuthorizationCodeGrantBuilder

Builds an instance of AuthorizationCodeOAuth2AuthorizedClientProvider.

build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder

Builds an instance of DelegatingOAuth2AuthorizedClientProvider composed of one or more OAuth2AuthorizedClientProvider(s).

build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder

Builds an instance of ClientCredentialsOAuth2AuthorizedClientProvider.

build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder

Builds an instance of PasswordOAuth2AuthorizedClientProvider.

build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder

Builds an instance of RefreshTokenOAuth2AuthorizedClientProvider.

build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest.Builder

Builds a new OAuth2AuthorizeRequest.

build() - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder

build() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.AuthorizationCodeGrantBuilder

Builds an instance of AuthorizationCodeReactiveOAuth2AuthorizedClientProvider.

build() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder

Builds an instance of DelegatingReactiveOAuth2AuthorizedClientProvider composed of one or more ReactiveOAuth2AuthorizedClientProvider(s).

build() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder

Builds an instance of ClientCredentialsReactiveOAuth2AuthorizedClientProvider.

build() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder

Builds an instance of PasswordReactiveOAuth2AuthorizedClientProvider.

build() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder

Builds an instance of RefreshTokenReactiveOAuth2AuthorizedClientProvider.

build() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder

Builds a new ClientRegistration.

build() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse.Builder

Builds a new OAuth2AccessTokenResponse.

build() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder

Builds a new OAuth2AuthorizationRequest.

build() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse.Builder

Builds a new OAuth2AuthorizationResponse.

build() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse.Builder

Builds a new OAuth2DeviceAuthorizationResponse.

build() - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder

Builds a new DefaultAddressStandardClaim.

build() - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder

Build the OidcIdToken

build() - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder

Build the OidcUserInfo

build() - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder

Builds a new JwsHeader.

build() - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder

Build the Jwt

build() - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder

Builds a new JwtClaimsSet.

build() - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder

Build the configured NimbusJwtDecoder.

build() - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.PublicKeyJwtDecoderBuilder

Build the configured NimbusJwtDecoder.

build() - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.SecretKeyJwtDecoderBuilder

Build the configured NimbusJwtDecoder.

build() - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder

Build the configured NimbusReactiveJwtDecoder.

build() - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.JwkSourceReactiveJwtDecoderBuilder

Build the configured NimbusReactiveJwtDecoder.

build() - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder

Build the configured NimbusReactiveJwtDecoder.

build() - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder

Build the configured NimbusReactiveJwtDecoder.

build() - Method in class org.springframework.security.rsocket.authorization.PayloadExchangeMatcherReactiveAuthorizationManager.Builder

build() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.Builder

Build the Saml2LogoutRequest

build() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse.Builder

Build the Saml2LogoutResponse

build() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult.Builder

build() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest.Builder

Constructs an immutable Saml2PostAuthenticationRequest object.

build() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest.Builder

Constructs an immutable Saml2RedirectAuthenticationRequest object.

build() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder

Creates an immutable ProviderDetails object representing the configuration for an Identity Provider, IDP

build() - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder

Build an OpenSamlAssertingPartyDetails

build() - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder

Deprecated.

Build an OpenSamlRelyingPartyRegistration OpenSamlRelyingPartyRegistration

build() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder

Creates an immutable ProviderDetails object representing the configuration for an Identity Provider, IDP

build() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder

Constructs a RelyingPartyRegistration object based on the builder configurations

build() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder

Creates a RequestMatcherDelegatingAuthorizationManager instance.

build() - Method in class org.springframework.security.web.authentication.RequestMatcherDelegatingAuthenticationManagerResolver.Builder

Creates a RequestMatcherDelegatingAuthenticationManagerResolver instance.

build() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder

build() - Method in class org.springframework.security.web.server.authentication.ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.Builder

Creates a ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver instance.

build() - Method in class org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager.Builder

build() - Method in class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter.Builder

build() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse.AuthenticatorAssertionResponseBuilder

Builds the AuthenticatorAssertionResponse

build() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAttestationResponse.AuthenticatorAttestationResponseBuilder

Builds a AuthenticatorAssertionResponse.

build() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorSelectionCriteria.AuthenticatorSelectionCriteriaBuilder

Builds a AuthenticatorSelectionCriteria

build() - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord.ImmutableCredentialRecordBuilder

build() - Method in class org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity.PublicKeyCredentialUserEntityBuilder

Builds a new PublicKeyCredentialUserEntity

build() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredential.PublicKeyCredentialBuilder

Creates a new PublicKeyCredential

build() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder

Builds a new PublicKeyCredentialCreationOptions

build() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialDescriptor.PublicKeyCredentialDescriptorBuilder

Create a new PublicKeyCredentialDescriptor

build() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions.PublicKeyCredentialRequestOptionsBuilder

Builds a new PublicKeyCredentialRequestOptions

build() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRpEntity.PublicKeyCredentialRpEntityBuilder

Creates a new PublicKeyCredentialRpEntity.

buildDetails(C) - Method in interface org.springframework.security.authentication.AuthenticationDetailsSource

Called by a class when it wishes a new authentication details instance to be created.

buildDetails(HttpServletRequest) - Method in class org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource

buildDetails(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource

Builds the authentication details object.

buildDetails(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedWebAuthenticationDetailsSource

buildDetails(HttpServletRequest) - Method in class org.springframework.security.web.authentication.WebAuthenticationDetailsSource

buildDn(String) - Method in class org.springframework.security.ldap.DefaultLdapUsernameToDnMapper

Deprecated.

Use DefaultLdapUsernameToDnMapper.buildLdapName(String) instead

buildDn(String) - Method in interface org.springframework.security.ldap.LdapUsernameToDnMapper

Deprecated.

Use LdapUsernameToDnMapper.buildLdapName(String) instead

builder() - Static method in class org.springframework.security.core.userdetails.User

Creates a UserBuilder

builder() - Static method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager

Creates a builder for MessageMatcherDelegatingAuthorizationManager.

builder() - Static method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder

Returns a new OAuth2AuthorizedClientProviderBuilder for configuring the supported authorization grant(s).

builder() - Static method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder

Returns a new ReactiveOAuth2AuthorizedClientProviderBuilder for configuring the supported authorization grant(s).

builder() - Static method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo

Create a OidcUserInfo.Builder

builder() - Static method in class org.springframework.security.oauth2.jwt.JwtClaimsSet

Returns a new JwtClaimsSet.Builder.

builder() - Static method in class org.springframework.security.rsocket.authorization.PayloadExchangeMatcherReactiveAuthorizationManager

builder() - Static method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager

Creates a builder for RequestMatcherDelegatingAuthorizationManager.

builder() - Static method in class org.springframework.security.web.authentication.RequestMatcherDelegatingAuthenticationManagerResolver

Creates a builder for RequestMatcherDelegatingAuthorizationManager.

builder() - Static method in class org.springframework.security.web.server.authentication.ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver

Creates a builder for RequestMatcherDelegatingAuthorizationManager.

builder() - Static method in class org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager

builder() - Static method in class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter

builder() - Static method in class org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse

Creates a new AuthenticatorAssertionResponse.AuthenticatorAssertionResponseBuilder

builder() - Static method in class org.springframework.security.web.webauthn.api.AuthenticatorAttestationResponse

Creates a new instance.

builder() - Static method in class org.springframework.security.web.webauthn.api.AuthenticatorSelectionCriteria

Creates a new AuthenticatorSelectionCriteria.AuthenticatorSelectionCriteriaBuilder

builder() - Static method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord

builder() - Static method in class org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity

Create a new ImmutablePublicKeyCredentialUserEntity.PublicKeyCredentialUserEntityBuilder

builder() - Static method in class org.springframework.security.web.webauthn.api.PublicKeyCredential

Creates a new PublicKeyCredential.PublicKeyCredentialBuilder

builder() - Static method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions

Creates a new PublicKeyCredentialCreationOptions

builder() - Static method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialDescriptor

Creates a new PublicKeyCredentialDescriptor.PublicKeyCredentialDescriptorBuilder

builder() - Static method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions

Creates a PublicKeyCredentialRequestOptions.PublicKeyCredentialRequestOptionsBuilder

builder() - Static method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRpEntity

Creates a new PublicKeyCredentialRpEntity.PublicKeyCredentialRpEntityBuilder

Builder() - Constructor for class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder

Builder() - Constructor for class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder

Default constructor.

Builder() - Constructor for class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest.Builder

Deprecated.

Use Builder(RelyingPartyRegistration) instead

Builder() - Constructor for class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder

Builder() - Constructor for class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder

Builder() - Constructor for class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder

Builder() - Constructor for class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter.Builder

Builder(String, AssertingPartyMetadata.Builder<?>) - Constructor for class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder

Builder(Map<String, Object>) - Constructor for class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder

Constructs and initializes the address attributes using the provided addressFields.

Builder(RelyingPartyRegistration) - Constructor for class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest.Builder

Creates a new Builder with relying party registration

Builder(HandlerMappingIntrospector) - Constructor for class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher.Builder

Construct a new instance of this builder

buildFromMask(int) - Method in class org.springframework.security.acls.domain.DefaultPermissionFactory

buildFromMask(int) - Method in interface org.springframework.security.acls.domain.PermissionFactory

Dynamically creates a CumulativePermission or BasePermission representing the active bits in the passed mask.

buildFromName(String) - Method in class org.springframework.security.acls.domain.DefaultPermissionFactory

buildFromName(String) - Method in interface org.springframework.security.acls.domain.PermissionFactory

buildFromNames(List<String>) - Method in class org.springframework.security.acls.domain.DefaultPermissionFactory

buildFromNames(List<String>) - Method in interface org.springframework.security.acls.domain.PermissionFactory

buildFullRequestUrl(HttpServletRequest) - Static method in class org.springframework.security.web.util.UrlUtils

buildFullRequestUrl(String, String, int, String, String) - Static method in class org.springframework.security.web.util.UrlUtils

Obtains the full URL the client used to make the request.

buildGroupDn(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager

Deprecated.

buildGroupName(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager

buildHttpsRedirectUrlForRequest(HttpServletRequest) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint

Builds a URL to redirect the supplied request to HTTPS.

buildLdapName(String) - Method in class org.springframework.security.ldap.DefaultLdapUsernameToDnMapper

buildLdapName(String) - Method in interface org.springframework.security.ldap.LdapUsernameToDnMapper

buildRedirectUrlToLoginPage(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint

buildRequest(ServletContext) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder

buildRequest(ServletContext) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.LogoutRequestBuilder

buildRequestUrl(HttpServletRequest) - Static method in class org.springframework.security.web.util.UrlUtils

Obtains the web application-specific fragment of the request URL.

buildRunAs(Authentication, Object, Collection<ConfigAttribute>) - Method in interface org.springframework.security.access.intercept.RunAsManager

Deprecated.

Returns a replacement Authentication object for the current secure object invocation, or null if replacement not required.

buildRunAs(Authentication, Object, Collection<ConfigAttribute>) - Method in class org.springframework.security.access.intercept.RunAsManagerImpl

Deprecated.

Bytes - Class in org.springframework.security.web.webauthn.api

An object representation of byte[].

Bytes(byte[]) - Constructor for class org.springframework.security.web.webauthn.api.Bytes

Creates a new instance

BytesEncryptor - Interface in org.springframework.security.crypto.encrypt

Service interface for symmetric data encryption.

BytesKeyGenerator - Interface in org.springframework.security.crypto.keygen

A generator for unique byte array-based keys.

C

C_HASH - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames

c_hash - the Authorization Code hash value

cache() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.cache(Customizer) or cache(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

cache(Cache) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder

Use the given Cache to store JWK Set.

cache(Customizer<ServerHttpSecurity.HeaderSpec.CacheSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures cache control headers

CACHE - Enum constant in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive

CACHE - Enum constant in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive

CACHE_CONTRTOL_VALUE - Static variable in class org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter

The value for cache control value

cacheControl() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HeadersConfigurer.cacheControl(Customizer) or cacheControl(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

cacheControl(Customizer<HeadersConfigurer.CacheControlConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Allows customizing the CacheControlHeadersWriter.

CacheControlHeadersWriter - Class in org.springframework.security.web.header.writers

Inserts headers to prevent caching if no cache control headers have been specified.

CacheControlHeadersWriter() - Constructor for class org.springframework.security.web.header.writers.CacheControlHeadersWriter

Creates a new instance

CacheControlServerHttpHeadersWriter - Class in org.springframework.security.web.server.header

Writes cache control related headers.

CacheControlServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter

cachePermissionsFor(Authentication, Collection<?>) - Method in interface org.springframework.security.access.PermissionCacheOptimizer

Optimises the permission cache for anticipated operation on the supplied collection of objects.

cachePermissionsFor(Authentication, Collection<?>) - Method in class org.springframework.security.acls.AclPermissionCacheOptimizer

CACHING_SUFFIX - Static variable in class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser

CachingRelyingPartyRegistrationRepository - Class in org.springframework.security.saml2.provider.service.registration

An IterableRelyingPartyRegistrationRepository that lazily queries and caches metadata from a backing IterableRelyingPartyRegistrationRepository.

CachingRelyingPartyRegistrationRepository(Callable<IterableRelyingPartyRegistrationRepository>) - Constructor for class org.springframework.security.saml2.provider.service.registration.CachingRelyingPartyRegistrationRepository

CachingUserDetailsService - Class in org.springframework.security.authentication

Implementation of UserDetailsService that utilizes caching through a UserCache

CachingUserDetailsService(UserDetailsService) - Constructor for class org.springframework.security.authentication.CachingUserDetailsService

calculateLoginLifetime(HttpServletRequest, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices

Calculates the validity period in seconds for a newly generated remember-me login.

calculateRedirectUrl(String, String) - Method in class org.springframework.security.web.DefaultRedirectStrategy

call() - Method in class org.springframework.security.concurrent.DelegatingSecurityContextCallable

cancelCookie(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

Sets a "cancel cookie" (with maxAge = 0) on the response to disable persistent logins.

canDecrypt() - Method in class org.springframework.security.crypto.encrypt.RsaSecretEncryptor

canRead(Class<?>, MediaType) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter

canWrite(Class<?>, MediaType) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter

CAS_GATEWAY_AUTHENTICATION_ATTR - Static variable in class org.springframework.security.cas.web.CasGatewayAuthenticationRedirectFilter

CasAssertionAuthenticationToken - Class in org.springframework.security.cas.authentication

Temporary authentication object needed to load the user details service.

CasAssertionAuthenticationToken(Assertion, String) - Constructor for class org.springframework.security.cas.authentication.CasAssertionAuthenticationToken

CasAuthenticationEntryPoint - Class in org.springframework.security.cas.web

Used by the ExceptionTranslationFilter to commence authentication via the JA-SIG Central Authentication Service (CAS).

CasAuthenticationEntryPoint() - Constructor for class org.springframework.security.cas.web.CasAuthenticationEntryPoint

CasAuthenticationFilter - Class in org.springframework.security.cas.web

Processes a CAS service ticket, obtains proxy granting tickets, and processes proxy tickets.

CasAuthenticationFilter() - Constructor for class org.springframework.security.cas.web.CasAuthenticationFilter

CasAuthenticationProvider - Class in org.springframework.security.cas.authentication

An AuthenticationProvider implementation that integrates with JA-SIG Central Authentication Service (CAS).

CasAuthenticationProvider() - Constructor for class org.springframework.security.cas.authentication.CasAuthenticationProvider

CasAuthenticationToken - Class in org.springframework.security.cas.authentication

Represents a successful CAS Authentication.

CasAuthenticationToken(String, Object, Object, Collection<? extends GrantedAuthority>, UserDetails, Assertion) - Constructor for class org.springframework.security.cas.authentication.CasAuthenticationToken

Constructor.

CasGatewayAuthenticationRedirectFilter - Class in org.springframework.security.cas.web

Redirects the request to the CAS server appending gateway=true to the URL.

CasGatewayAuthenticationRedirectFilter(String, ServiceProperties) - Constructor for class org.springframework.security.cas.web.CasGatewayAuthenticationRedirectFilter

Constructs a new instance of this class

CasGatewayResolverRequestMatcher - Class in org.springframework.security.cas.web

A RequestMatcher implementation that delegates the check to an instance of GatewayResolver.

CasGatewayResolverRequestMatcher(ServiceProperties) - Constructor for class org.springframework.security.cas.web.CasGatewayResolverRequestMatcher

CasJackson2Module - Class in org.springframework.security.cas.jackson2

Jackson module for spring-security-cas.

CasJackson2Module() - Constructor for class org.springframework.security.cas.jackson2.CasJackson2Module

CasServiceTicketAuthenticationToken - Class in org.springframework.security.cas.authentication

An Authentication implementation that is designed to process CAS service ticket.

CasServiceTicketAuthenticationToken(String, Object) - Constructor for class org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken

This constructor can be safely used by any code that wishes to create a CasServiceTicketAuthenticationToken, as the AbstractAuthenticationToken.isAuthenticated() will return false.

CasServiceTicketAuthenticationToken(String, Object, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken

This constructor should only be used by AuthenticationManager or AuthenticationProvider implementations that are satisfied with producing a trusted (i.e.

CBC - Enum constant in enum class org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm

chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry

Subclasses should implement this method for returning the object that is chained to the creation of the RequestMatcher instances.

chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity.RequestMatcherConfigurer

chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity.IgnoredRequestConfigurer

chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractConfigAttributeRequestMatcherRegistry

Marks the RequestMatcher's as unmapped and then calls AbstractConfigAttributeRequestMatcherRegistry.chainRequestMatchersInternal(List).

chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry

chainRequestMatchersInternal(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractConfigAttributeRequestMatcherRegistry

Subclasses should implement this method for returning the object that is chained to the creation of the RequestMatcher instances.

chainRequestMatchersInternal(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry

chainRequestMatchersInternal(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry

Deprecated.

chainRequestMatchersInternal(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry

Deprecated.

challenge(Bytes) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder

Sets the PublicKeyCredentialCreationOptions.getChallenge() property.

challenge(Bytes) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions.PublicKeyCredentialRequestOptionsBuilder

Sets the PublicKeyCredentialRequestOptions.getChallenge() property.

CHANGE_AFTER_RESET - Enum constant in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus

CHANGE_AUDITING - Static variable in interface org.springframework.security.acls.domain.AclAuthorizationStrategy

CHANGE_GENERAL - Static variable in interface org.springframework.security.acls.domain.AclAuthorizationStrategy

CHANGE_OWNERSHIP - Static variable in interface org.springframework.security.acls.domain.AclAuthorizationStrategy

changePassword(String, String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager

Changes the password for the current user.

changePassword(String, String) - Method in class org.springframework.security.provisioning.InMemoryUserDetailsManager

changePassword(String, String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

changePassword(String, String) - Method in interface org.springframework.security.provisioning.UserDetailsManager

Modify the current user's password.

changePasswordPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.PasswordManagementConfigurer

Sets the change password page.

changePasswordPage(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.PasswordManagementSpec

Sets the change password page.

changeSessionId() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer

Specifies that the Servlet container-provided session fixation protection should be used.

ChangeSessionIdAuthenticationStrategy - Class in org.springframework.security.web.authentication.session

Uses HttpServletRequest.changeSessionId() to protect against session fixation attacks.

ChangeSessionIdAuthenticationStrategy() - Constructor for class org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy

ChannelAttributeFactory - Class in org.springframework.security.config.http

Used as a factory bean to create config attribute values for the requires-channel attribute.

ChannelDecisionManager - Interface in org.springframework.security.web.access.channel

Decides whether a web channel provides sufficient security.

ChannelDecisionManagerImpl - Class in org.springframework.security.web.access.channel

Implementation of ChannelDecisionManager.

ChannelDecisionManagerImpl() - Constructor for class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl

ChannelEntryPoint - Interface in org.springframework.security.web.access.channel

May be used by a ChannelProcessor to launch a web channel.

ChannelProcessingFilter - Class in org.springframework.security.web.access.channel

Ensures a web request is delivered over the required channel.

ChannelProcessingFilter() - Constructor for class org.springframework.security.web.access.channel.ChannelProcessingFilter

ChannelProcessor - Interface in org.springframework.security.web.access.channel

Decides whether a web channel meets a specific security condition.

channelProcessors(List<ChannelProcessor>) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry

Sets the ChannelProcessor instances to use in ChannelDecisionManagerImpl

ChannelSecurityConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Adds channel security (i.e.

ChannelSecurityConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer

Creates a new instance

ChannelSecurityConfigurer.ChannelRequestMatcherRegistry - Class in org.springframework.security.config.annotation.web.configurers

ChannelSecurityConfigurer.RequiresChannelUrl - Class in org.springframework.security.config.annotation.web.configurers

ChannelSecurityInterceptor - Class in org.springframework.security.messaging.access.intercept

Deprecated.

Use AuthorizationChannelInterceptor instead

ChannelSecurityInterceptor(MessageSecurityMetadataSource) - Constructor for class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor

Deprecated.

Creates a new instance

check(String) - Method in interface org.springframework.security.authentication.password.CompromisedPasswordChecker

Check whether the password is compromised

check(String) - Method in interface org.springframework.security.authentication.password.ReactiveCompromisedPasswordChecker

Check whether the password is compromised

check(String) - Method in class org.springframework.security.web.authentication.password.HaveIBeenPwnedRestApiPasswordChecker

check(String) - Method in class org.springframework.security.web.authentication.password.HaveIBeenPwnedRestApiReactivePasswordChecker

check(Supplier<Authentication>, HttpServletRequest) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager

Deprecated.

please use AuthorizationManager.authorize(Supplier, Object) instead

check(Supplier<Authentication>, Collection<String>) - Method in class org.springframework.security.authorization.AuthoritiesAuthorizationManager

Determines if the current user is authorized by evaluating if the Authentication contains any of specified authorities.

check(Supplier<Authentication>, MethodInvocation) - Method in class org.springframework.security.authorization.method.Jsr250AuthorizationManager

Deprecated.

please use AuthorizationManager.authorize(Supplier, Object) instead

check(Supplier<Authentication>, MethodInvocation) - Method in class org.springframework.security.authorization.method.MethodExpressionAuthorizationManager

Determines the access by evaluating the provided expression.

check(Supplier<Authentication>, MethodInvocation) - Method in class org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager

Determine if an Authentication has access to a method by evaluating an expression from the PreAuthorize annotation that the MethodInvocation specifies.

check(Supplier<Authentication>, MethodInvocation) - Method in class org.springframework.security.authorization.method.SecuredAuthorizationManager

Deprecated.

please use AuthorizationManager.authorize(Supplier, Object) instead

check(Supplier<Authentication>, Message<?>) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager

Deprecated.

please use AuthorizationManager.authorize(Supplier, Object) instead

check(Supplier<Authentication>, MethodInvocationResult) - Method in class org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager

Determine if an Authentication has access to the returned object by evaluating the PostAuthorize annotation that the MethodInvocation specifies.

check(Supplier<Authentication>, RequestAuthorizationContext) - Method in class org.springframework.security.web.access.expression.WebExpressionAuthorizationManager

Determines the access by evaluating the provided expression.

check(Supplier<Authentication>, RequestAuthorizationContext) - Method in class org.springframework.security.web.access.IpAddressAuthorizationManager

check(Supplier<Authentication>, T) - Method in class org.springframework.security.authorization.AuthenticatedAuthorizationManager

Determines if the current user is authorized according to the given strategy.

check(Supplier<Authentication>, T) - Method in class org.springframework.security.authorization.AuthorityAuthorizationManager

Deprecated.

please use AuthorizationManager.authorize(Supplier, Object) instead

check(Supplier<Authentication>, T) - Method in interface org.springframework.security.authorization.AuthorizationManager

Deprecated.

please use AuthorizationManager.authorize(Supplier, Object) instead

check(Supplier<Authentication>, T) - Method in class org.springframework.security.authorization.ObservationAuthorizationManager

Deprecated.

please use AuthorizationManager.authorize(Supplier, Object) instead

check(UserDetails) - Method in class org.springframework.security.authentication.AccountStatusUserDetailsChecker

check(UserDetails) - Method in interface org.springframework.security.core.userdetails.UserDetailsChecker

Examines the User

check(Mono<Authentication>, MethodInvocation) - Method in class org.springframework.security.authorization.method.PreAuthorizeReactiveAuthorizationManager

Determines if an Authentication has access to the MethodInvocation by evaluating an expression from the PreAuthorize annotation.

check(Mono<Authentication>, MethodInvocationResult) - Method in class org.springframework.security.authorization.method.PostAuthorizeReactiveAuthorizationManager

Determines if an Authentication has access to the returned object from the MethodInvocation by evaluating an expression from the PostAuthorize annotation.

check(Mono<Authentication>, PayloadExchange) - Method in class org.springframework.security.rsocket.authorization.PayloadExchangeMatcherReactiveAuthorizationManager

Deprecated.

please use ReactiveAuthorizationManager.authorize(Mono, Object) instead

check(Mono<Authentication>, AuthorizationContext) - Method in class org.springframework.security.web.server.authorization.IpAddressReactiveAuthorizationManager

check(Mono<Authentication>, ServerWebExchange) - Method in class org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager

Deprecated.

please use ReactiveAuthorizationManager.authorize(Mono, Object) instead

check(Mono<Authentication>, T) - Method in class org.springframework.security.authorization.AuthenticatedReactiveAuthorizationManager

check(Mono<Authentication>, T) - Method in class org.springframework.security.authorization.AuthorityReactiveAuthorizationManager

check(Mono<Authentication>, T) - Method in class org.springframework.security.authorization.ObservationReactiveAuthorizationManager

Deprecated.

please use ReactiveAuthorizationManager.authorize(Mono, Object) instead

check(Mono<Authentication>, T) - Method in interface org.springframework.security.authorization.ReactiveAuthorizationManager

Deprecated.

please use ReactiveAuthorizationManager.authorize(Mono, Object) instead

checkAllowIfAllAbstainDecisions() - Method in class org.springframework.security.access.vote.AbstractAccessDecisionManager

Deprecated.

checkpw(byte[], String) - Static method in class org.springframework.security.crypto.bcrypt.BCrypt

Check that a password (as a byte array) matches a previously hashed one

checkpw(String, String) - Static method in class org.springframework.security.crypto.bcrypt.BCrypt

Check that a plaintext password matches a previously hashed one

ChildAuthenticationManagerFactoryBean(List<AuthenticationProvider>, AuthenticationManager) - Constructor for class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ChildAuthenticationManagerFactoryBean

ChildrenExistException - Exception in org.springframework.security.acls.model

Thrown if an Acl cannot be deleted because children Acls exist.

ChildrenExistException(String) - Constructor for exception org.springframework.security.acls.model.ChildrenExistException

Constructs an ChildrenExistException with the specified message.

ChildrenExistException(String, Throwable) - Constructor for exception org.springframework.security.acls.model.ChildrenExistException

Constructs an ChildrenExistException with the specified message and root cause.

ciRegex - Enum constant in enum class org.springframework.security.config.http.MatcherType

claim(String, Object) - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder

Use this claim in the resulting OidcLogoutToken

claim(String, Object) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder

Use this claim in the resulting OidcIdToken

claim(String, Object) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder

Use this claim in the resulting OidcUserInfo

claim(String, Object) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder

Use this claim in the resulting Jwt

claim(String, Object) - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder

Sets the claim.

ClaimAccessor - Interface in org.springframework.security.oauth2.core

An "accessor" for a set of claims that may be used for assertions.

ClaimConversionService - Class in org.springframework.security.oauth2.core.converter

A ConversionService configured with converters that provide type conversion for claim values.

claims(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder

Provides access to every OidcLogoutToken.Builder.claim(String, Object) declared so far with the possibility to add, replace, or remove.

claims(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder

Provides access to every OidcIdToken.Builder.claim(String, Object) declared so far with the possibility to add, replace, or remove.

claims(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder

Provides access to every OidcUserInfo.Builder.claim(String, Object) declared so far with the possibility to add, replace, or remove.

claims(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder

Provides access to every Jwt.Builder.claim(String, Object) declared so far with the possibility to add, replace, or remove.

claims(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder

A Consumer to be provided access to the claims allowing the ability to add, replace, or remove.

ClaimTypeConverter - Class in org.springframework.security.oauth2.core.converter

A Converter that provides type conversion for claim values.

ClaimTypeConverter(Map<String, Converter<Object, ?>>) - Constructor for class org.springframework.security.oauth2.core.converter.ClaimTypeConverter

Constructs a ClaimTypeConverter using the provided parameters.

cleanupExpiredTokens() - Method in class org.springframework.security.authentication.ott.JdbcOneTimeTokenService

clear() - Method in class org.springframework.security.acls.domain.CumulativePermission

clear(Permission) - Method in class org.springframework.security.acls.domain.CumulativePermission

CLEAR_SITE_DATA_HEADER - Static variable in class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter

clearAuthentication(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

Specifies if SecurityContextLogoutHandler should clear the Authentication at the time of logout.

clearAuthenticationAttributes(HttpServletRequest) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler

Removes temporary authentication-related data which may have been stored in the session during the authentication process.

clearCache() - Method in class org.springframework.security.acls.domain.SpringCacheBasedAclCache

clearCache() - Method in interface org.springframework.security.acls.model.AclCache

clearContext() - Method in class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy

Clears the current context.

clearContext() - Static method in class org.springframework.security.core.context.ReactiveSecurityContextHolder

Clears the Mono<SecurityContext> from Reactor Context

clearContext() - Static method in class org.springframework.security.core.context.SecurityContextHolder

Explicitly clears the context value from the current thread.

clearContext() - Method in interface org.springframework.security.core.context.SecurityContextHolderStrategy

Clears the current context.

clearContext() - Static method in class org.springframework.security.test.context.TestSecurityContextHolder

Clears the SecurityContext from TestSecurityContextHolder and SecurityContextHolder.

clearContext() - Method in class org.springframework.security.test.context.TestSecurityContextHolderStrategyAdapter

ClearSiteDataHeaderWriter - Class in org.springframework.security.web.header.writers

Provides support for Clear Site Data.

ClearSiteDataHeaderWriter(ClearSiteDataHeaderWriter.Directive...) - Constructor for class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter

Creates a new instance of ClearSiteDataHeaderWriter with given sources.

ClearSiteDataHeaderWriter.Directive - Enum Class in org.springframework.security.web.header.writers

Represents the directive values expected by the ClearSiteDataHeaderWriter.

ClearSiteDataServerHttpHeadersWriter - Class in org.springframework.security.web.server.header

Writes the Clear-Site-Data response header when the request is secure.

ClearSiteDataServerHttpHeadersWriter(ClearSiteDataServerHttpHeadersWriter.Directive...) - Constructor for class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter

Constructs a new instance using the given directives.

ClearSiteDataServerHttpHeadersWriter.Directive - Enum Class in org.springframework.security.web.server.header

Represents the directive values expected by the ClearSiteDataServerHttpHeadersWriter

CLIENT_ASSERTION - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

client_assertion - used in Access Token Request.

CLIENT_ASSERTION_TYPE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

client_assertion_type - used in Access Token Request.

CLIENT_CREDENTIALS - Static variable in class org.springframework.security.oauth2.core.AuthorizationGrantType

CLIENT_ID - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

client_id - used in Authorization Request and Access Token Request.

CLIENT_ID - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames

client_id - The Client identifier for the token

CLIENT_REGISTRATIONS - Static variable in class org.springframework.security.config.Elements

CLIENT_SECRET - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

client_secret - used in Access Token Request.

CLIENT_SECRET_BASIC - Static variable in class org.springframework.security.oauth2.core.ClientAuthenticationMethod

CLIENT_SECRET_JWT - Static variable in class org.springframework.security.oauth2.core.ClientAuthenticationMethod

CLIENT_SECRET_POST - Static variable in class org.springframework.security.oauth2.core.ClientAuthenticationMethod

clientAuthenticationMethod(ClientAuthenticationMethod) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder

Sets the authentication method used when authenticating the client with the authorization server.

ClientAuthenticationMethod - Class in org.springframework.security.oauth2.core

The authentication method used when authenticating the client with the authorization server.

ClientAuthenticationMethod(String) - Constructor for class org.springframework.security.oauth2.core.ClientAuthenticationMethod

Constructs a ClientAuthenticationMethod using the provided value.

ClientAuthorizationException - Exception in org.springframework.security.oauth2.client

This exception is thrown on the client side when an attempt to authenticate or authorize an OAuth 2.0 client fails.

ClientAuthorizationException(OAuth2Error, String) - Constructor for exception org.springframework.security.oauth2.client.ClientAuthorizationException

Constructs a ClientAuthorizationException using the provided parameters.

ClientAuthorizationException(OAuth2Error, String, String) - Constructor for exception org.springframework.security.oauth2.client.ClientAuthorizationException

Constructs a ClientAuthorizationException using the provided parameters.

ClientAuthorizationException(OAuth2Error, String, String, Throwable) - Constructor for exception org.springframework.security.oauth2.client.ClientAuthorizationException

Constructs a ClientAuthorizationException using the provided parameters.

ClientAuthorizationException(OAuth2Error, String, Throwable) - Constructor for exception org.springframework.security.oauth2.client.ClientAuthorizationException

Constructs a ClientAuthorizationException using the provided parameters.

ClientAuthorizationRequiredException - Exception in org.springframework.security.oauth2.client

This exception is thrown when an OAuth 2.0 Client is required to obtain authorization from the Resource Owner.

ClientAuthorizationRequiredException(String) - Constructor for exception org.springframework.security.oauth2.client.ClientAuthorizationRequiredException

Constructs a ClientAuthorizationRequiredException using the provided parameters.

clientCredentials() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder

Configures support for the client_credentials grant.

clientCredentials() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder

Configures support for the client_credentials grant.

clientCredentials(Consumer<OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder

Configures support for the client_credentials grant.

clientCredentials(Consumer<ReactiveOAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder>) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder

Configures support for the client_credentials grant.

ClientCredentialsOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client

An implementation of an OAuth2AuthorizedClientProvider for the client_credentials grant.

ClientCredentialsOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.ClientCredentialsOAuth2AuthorizedClientProvider

ClientCredentialsReactiveOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client

An implementation of a ReactiveOAuth2AuthorizedClientProvider for the client_credentials grant.

ClientCredentialsReactiveOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.ClientCredentialsReactiveOAuth2AuthorizedClientProvider

clientDataJSON(Bytes) - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse.AuthenticatorAssertionResponseBuilder

Set the AuthenticatorResponse.getClientDataJSON() property

clientDataJSON(Bytes) - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAttestationResponse.AuthenticatorAttestationResponseBuilder

Sets the AuthenticatorResponse.getClientDataJSON() property.

clientExtensionResults(AuthenticationExtensionsClientOutputs) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredential.PublicKeyCredentialBuilder

Sets the PublicKeyCredential.getClientExtensionResults() property.

clientId(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder

Sets the client identifier.

clientId(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder

Sets the client identifier.

clientName(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder

Sets the logical name of the client or registration.

clientRegistration(Consumer<ClientRegistration.Builder>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator

Use this Consumer to configure a ClientRegistration

clientRegistration(Consumer<ClientRegistration.Builder>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor

Use this Consumer to configure a ClientRegistration

clientRegistration(ClientRegistration) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator

Use this ClientRegistration

clientRegistration(ClientRegistration) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator

Use the provided ClientRegistration as the client to authorize.

clientRegistration(ClientRegistration) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator

Use the provided ClientRegistration as the client to authorize.

clientRegistration(ClientRegistration) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor

Use this ClientRegistration

clientRegistration(ClientRegistration) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor

Use the provided ClientRegistration as the client to authorize.

clientRegistration(ClientRegistration) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor

Use the provided ClientRegistration as the client to authorize.

ClientRegistration - Class in org.springframework.security.oauth2.client.registration

A representation of a client registration with an OAuth 2.0 or OpenID Connect 1.0 Provider.

ClientRegistration.Builder - Class in org.springframework.security.oauth2.client.registration

A builder for ClientRegistration.

ClientRegistration.ProviderDetails - Class in org.springframework.security.oauth2.client.registration

Details of the Provider.

ClientRegistration.ProviderDetails.UserInfoEndpoint - Class in org.springframework.security.oauth2.client.registration

Details of the UserInfo Endpoint.

clientRegistrationId(String) - Static method in class org.springframework.security.oauth2.client.web.client.RequestAttributeClientRegistrationIdResolver

Modifies the attributes to include the clientRegistrationId to be used to look up the OAuth2AuthorizedClient.

clientRegistrationId(String) - Static method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction

Modifies the ClientRequest.attributes() to include the ClientRegistration.getRegistrationId() to be used to look up the OAuth2AuthorizedClient.

clientRegistrationId(String) - Static method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction

Modifies the ClientRequest.attributes() to include the ClientRegistration.getRegistrationId() to be used to look up the OAuth2AuthorizedClient.

clientRegistrationRepository - Variable in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper

clientRegistrationRepository - Variable in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService

clientRegistrationRepository(ClientRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer

Sets the repository of client registrations.

clientRegistrationRepository(ClientRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

Sets the repository of client registrations.

clientRegistrationRepository(ClientRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer

Sets the repository of client registrations.

clientRegistrationRepository(ReactiveClientRegistrationRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec

Configures the ReactiveClientRegistrationRepository.

clientRegistrationRepository(ReactiveClientRegistrationRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec

clientRegistrationRepository(ReactiveClientRegistrationRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec

Configures the ReactiveClientRegistrationRepository.

ClientRegistrationRepository - Interface in org.springframework.security.oauth2.client.registration

A repository for OAuth 2.0 / OpenID Connect 1.0 ClientRegistration(s).

ClientRegistrations - Class in org.springframework.security.oauth2.client.registration

Allows creating a ClientRegistration.Builder from an OpenID Provider Configuration or Authorization Server Metadata based on provided issuer.

ClientRegistrationsBeanDefinitionParser - Class in org.springframework.security.config.oauth2.client

ClientRegistrationsBeanDefinitionParser() - Constructor for class org.springframework.security.config.oauth2.client.ClientRegistrationsBeanDefinitionParser

clientSecret(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder

Sets the client secret.

clock(Clock) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder

Sets the Clock used in Instant.now(Clock) when checking the access token expiry.

clock(Clock) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder

Sets the Clock used in Instant.now(Clock) when checking the access token expiry.

clock(Clock) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder

Sets the Clock used in Instant.now(Clock) when checking the access token expiry.

clock(Clock) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder

Sets the Clock used in Instant.now(Clock) when checking the access token expiry.

clock(Clock) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder

Sets the Clock used in Instant.now(Clock) when checking the access token expiry.

clock(Clock) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder

Sets the Clock used in Instant.now(Clock) when checking the access token expiry.

clockSkew(Duration) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder

Sets the maximum acceptable clock skew, which is used when checking the access token expiry.

clockSkew(Duration) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder

Sets the maximum acceptable clock skew, which is used when checking the access token expiry.

clockSkew(Duration) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder

Sets the maximum acceptable clock skew, which is used when checking the access token expiry.

clockSkew(Duration) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder

Sets the maximum acceptable clock skew, which is used when checking the access token expiry.

clockSkew(Duration) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder

Sets the maximum acceptable clock skew, which is used when checking the access token expiry.

clockSkew(Duration) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder

Sets the maximum acceptable clock skew, which is used when checking the access token expiry.

closeContext(Context) - Static method in class org.springframework.security.ldap.LdapUtils

closeEnumeration(NamingEnumeration) - Static method in class org.springframework.security.ldap.LdapUtils

code - Variable in class org.springframework.security.acls.domain.AbstractPermission

code(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse.Builder

Sets the authorization code.

CODE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType

CODE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

code - used in Authorization Response and Access Token Request.

CODE_CHALLENGE - Static variable in class org.springframework.security.oauth2.core.endpoint.PkceParameterNames

code_challenge - used in Authorization Request.

CODE_CHALLENGE_METHOD - Static variable in class org.springframework.security.oauth2.core.endpoint.PkceParameterNames

code_challenge_method - used in Authorization Request.

CODE_VERIFIER - Static variable in class org.springframework.security.oauth2.core.endpoint.PkceParameterNames

code_verifier - used in Token Request.

collectionFromMetadata(InputStream) - Static method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations

Return a Collection of RelyingPartyRegistration.Builders based off of the given SAML 2.0 Asserting Party (IDP) metadata.

collectionFromMetadataLocation(String) - Static method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations

Return a Collection of RelyingPartyRegistration.Builders based off of the given SAML 2.0 Asserting Party (IDP) metadata location.

commaSeparatedStringToAuthorityList(String) - Static method in class org.springframework.security.core.authority.AuthorityUtils

Creates a array of GrantedAuthority objects from a comma-separated string representation (e.g.

commence(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint

commence(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.access.channel.ChannelEntryPoint

Commences a secure channel.

commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint

commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint

Collect error details from the provided parameters and format according to RFC 6750, specifically error, error_description, error_uri, and scope.

commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint

commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.Http403ForbiddenEntryPoint

Always returns a 403 error code to the client.

commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.HttpStatusEntryPoint

commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint

Performs the redirect (or forward) to the login form URL.

commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.NoOpAuthenticationEntryPoint

commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint

commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint

commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in interface org.springframework.security.web.AuthenticationEntryPoint

Commences an authentication scheme.

commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.oauth2.server.resource.web.server.BearerTokenServerAuthenticationEntryPoint

commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint

commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.web.server.authentication.HttpStatusServerEntryPoint

commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint

commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint

commence(ServerWebExchange, AuthenticationException) - Method in interface org.springframework.security.web.server.ServerAuthenticationEntryPoint

Initiates the authentication flow

commit() - Method in class org.springframework.security.authentication.jaas.SecurityContextLoginModule

Authenticate the Subject (phase two) by adding the Spring Security Authentication to the Subject's principals.

CommonOAuth2Provider - Enum Class in org.springframework.security.config.oauth2.client

Common OAuth2 Providers that can be used to create builders pre-configured with sensible defaults for the HttpSecurity.oauth2Login() flow.

compare(String, String, Object) - Method in class org.springframework.security.ldap.SpringSecurityLdapTemplate

Performs an LDAP compare operation of the value of an attribute for a particular directory entry.

CompositeAccessDeniedHandler - Class in org.springframework.security.web.access

CompositeAccessDeniedHandler(Collection<AccessDeniedHandler>) - Constructor for class org.springframework.security.web.access.CompositeAccessDeniedHandler

CompositeAccessDeniedHandler(AccessDeniedHandler...) - Constructor for class org.springframework.security.web.access.CompositeAccessDeniedHandler

CompositeHeaderWriter - Class in org.springframework.security.web.header.writers

A HeaderWriter that delegates to several other HeaderWriters.

CompositeHeaderWriter(List<HeaderWriter>) - Constructor for class org.springframework.security.web.header.writers.CompositeHeaderWriter

Creates a new instance.

CompositeLogoutHandler - Class in org.springframework.security.web.authentication.logout

Performs a logout through all the LogoutHandler implementations.

CompositeLogoutHandler(List<LogoutHandler>) - Constructor for class org.springframework.security.web.authentication.logout.CompositeLogoutHandler

CompositeLogoutHandler(LogoutHandler...) - Constructor for class org.springframework.security.web.authentication.logout.CompositeLogoutHandler

CompositeRequestRejectedHandler - Class in org.springframework.security.web.firewall

A RequestRejectedHandler that delegates to several other RequestRejectedHandlers.

CompositeRequestRejectedHandler(RequestRejectedHandler...) - Constructor for class org.springframework.security.web.firewall.CompositeRequestRejectedHandler

Creates a new instance.

CompositeServerHttpHeadersWriter - Class in org.springframework.security.web.server.header

Combines multiple ServerHttpHeadersWriter instances into a single instance.

CompositeServerHttpHeadersWriter(List<ServerHttpHeadersWriter>) - Constructor for class org.springframework.security.web.server.header.CompositeServerHttpHeadersWriter

CompositeServerHttpHeadersWriter(ServerHttpHeadersWriter...) - Constructor for class org.springframework.security.web.server.header.CompositeServerHttpHeadersWriter

CompositeSessionAuthenticationStrategy - Class in org.springframework.security.web.authentication.session

A SessionAuthenticationStrategy that accepts multiple SessionAuthenticationStrategy implementations to delegate to.

CompositeSessionAuthenticationStrategy(List<SessionAuthenticationStrategy>) - Constructor for class org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy

CompromisedPasswordChecker - Interface in org.springframework.security.authentication.password

An API for checking if a password has been compromised.

CompromisedPasswordDecision - Class in org.springframework.security.authentication.password

CompromisedPasswordDecision(boolean) - Constructor for class org.springframework.security.authentication.password.CompromisedPasswordDecision

CompromisedPasswordException - Exception in org.springframework.security.authentication.password

Indicates that the provided password is compromised

CompromisedPasswordException(String) - Constructor for exception org.springframework.security.authentication.password.CompromisedPasswordException

CompromisedPasswordException(String, Throwable) - Constructor for exception org.springframework.security.authentication.password.CompromisedPasswordException

concat(Saml2Error) - Method in class org.springframework.security.saml2.core.Saml2ResponseValidatorResult

Return a new Saml2ResponseValidatorResult that contains both the given Saml2Error and the errors from the result

concat(Saml2ResponseValidatorResult) - Method in class org.springframework.security.saml2.core.Saml2ResponseValidatorResult

Return a new Saml2ResponseValidatorResult that contains the errors from the given Saml2ResponseValidatorResult as well as this result.

concatenate(byte[]...) - Static method in class org.springframework.security.crypto.util.EncodingUtils

Combine the individual byte arrays into one array.

CONCURRENT_SESSIONS - Static variable in class org.springframework.security.config.Elements

ConcurrentSessionControlAuthenticationStrategy - Class in org.springframework.security.web.authentication.session

Strategy which handles concurrent session-control.

ConcurrentSessionControlAuthenticationStrategy(SessionRegistry) - Constructor for class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy

ConcurrentSessionControlServerAuthenticationSuccessHandler - Class in org.springframework.security.web.server.authentication

Controls the number of sessions a user can have concurrently authenticated in an application.

ConcurrentSessionControlServerAuthenticationSuccessHandler(ReactiveSessionRegistry, ServerMaximumSessionsExceededHandler) - Constructor for class org.springframework.security.web.server.authentication.ConcurrentSessionControlServerAuthenticationSuccessHandler

ConcurrentSessionFilter - Class in org.springframework.security.web.session

Filter required by concurrent session handling package.

ConcurrentSessionFilter(SessionRegistry) - Constructor for class org.springframework.security.web.session.ConcurrentSessionFilter

ConcurrentSessionFilter(SessionRegistry, String) - Constructor for class org.springframework.security.web.session.ConcurrentSessionFilter

Deprecated.

use ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy) with SimpleRedirectSessionInformationExpiredStrategy instead.

ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy) - Constructor for class org.springframework.security.web.session.ConcurrentSessionFilter

concurrentSessions(Customizer<ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.SessionManagementSpec

Configures how many sessions are allowed for a given user.

ConcurrentSessionsSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec

ConfigAttribute - Interface in org.springframework.security.access

Stores a security system related configuration attribute.

configurationSource(CorsConfigurationSource) - Method in class org.springframework.security.config.annotation.web.configurers.CorsConfigurer

configurationSource(CorsConfigurationSource) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CorsSpec

Configures the CorsConfigurationSource to be used

configure(B) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

configure(B) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer

configure(B) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsServiceConfigurer

configure(B) - Method in interface org.springframework.security.config.annotation.SecurityConfigurer

Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.

configure(B) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter

configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer

configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer

configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer

configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.PasswordManagementConfigurer

Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.

configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer

Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer

Deprecated.

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.CorsConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.DefaultLoginPageConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer

Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2MetadataConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.SecurityContextConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.ServletApiConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.WebAuthnConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer

configure(AuthenticationManagerBuilder) - Method in class org.springframework.security.config.annotation.authentication.configuration.GlobalAuthenticationConfigurerAdapter

configure(AuthenticationManagerBuilder) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

Deprecated.

Sub classes can override this method to register different types of authentication.

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CorsSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.PasswordManagementSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.RequestCacheSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec

configureClientInboundChannel(ChannelRegistration) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

Deprecated.

configureInbound(MessageSecurityMetadataSourceRegistry) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

Deprecated.

configureJaas(Resource) - Method in class org.springframework.security.authentication.jaas.JaasAuthenticationProvider

Hook method for configuring Jaas.

ConsensusBased - Class in org.springframework.security.access.vote

Deprecated.

Use AuthorizationManager instead

ConsensusBased(List<AccessDecisionVoter<?>>) - Constructor for class org.springframework.security.access.vote.ConsensusBased

Deprecated.

ConsoleAuditLogger - Class in org.springframework.security.acls.domain

A basic implementation of AuditLogger.

ConsoleAuditLogger() - Constructor for class org.springframework.security.acls.domain.ConsoleAuditLogger

consume(OneTimeTokenAuthenticationToken) - Method in class org.springframework.security.authentication.ott.InMemoryOneTimeTokenService

consume(OneTimeTokenAuthenticationToken) - Method in class org.springframework.security.authentication.ott.JdbcOneTimeTokenService

consume(OneTimeTokenAuthenticationToken) - Method in interface org.springframework.security.authentication.ott.OneTimeTokenService

Consumes a one-time token based on the provided authentication token.

consume(OneTimeTokenAuthenticationToken) - Method in class org.springframework.security.authentication.ott.reactive.InMemoryReactiveOneTimeTokenService

consume(OneTimeTokenAuthenticationToken) - Method in interface org.springframework.security.authentication.ott.reactive.ReactiveOneTimeTokenService

Consumes a one-time token based on the provided authentication token.

containsContext(HttpServletRequest) - Method in class org.springframework.security.web.context.DelegatingSecurityContextRepository

containsContext(HttpServletRequest) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository

containsContext(HttpServletRequest) - Method in class org.springframework.security.web.context.NullSecurityContextRepository

containsContext(HttpServletRequest) - Method in class org.springframework.security.web.context.RequestAttributeSecurityContextRepository

containsContext(HttpServletRequest) - Method in interface org.springframework.security.web.context.SecurityContextRepository

Allows the repository to be queried as to whether it contains a security context for the current request.

containsMapping() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry

Deprecated.

Allows determining if a mapping was added.

CONTENT_SECURITY_POLICY - Static variable in class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter

CONTENT_SECURITY_POLICY_REPORT_ONLY - Static variable in class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter

contentSecurityPolicy(String) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HeadersConfigurer.contentSecurityPolicy(Customizer) instead

contentSecurityPolicy(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.contentSecurityPolicy(Customizer) instead.

contentSecurityPolicy(Customizer<HeadersConfigurer.ContentSecurityPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Allows configuration for Content Security Policy (CSP) Level 2.

contentSecurityPolicy(Customizer<ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures Content-Security-Policy response header.

ContentSecurityPolicyHeaderWriter - Class in org.springframework.security.web.header.writers

Provides support for Content Security Policy (CSP) Level 2.

ContentSecurityPolicyHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter

Creates a new instance.

ContentSecurityPolicyHeaderWriter(String) - Constructor for class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter

Creates a new instance

ContentSecurityPolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header

Writes the Content-Security-Policy response header with configured policy directives.

ContentSecurityPolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter

contentType(String) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder

Sets the content type header that declares the media type of the secured content (the payload).

contentTypeOptions() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HeadersConfigurer.contentTypeOptions(Customizer) or contentTypeOptions(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

contentTypeOptions() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.contentTypeOptions(Customizer) instead

contentTypeOptions(Customizer<HeadersConfigurer.ContentTypeOptionsConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Configures the XContentTypeOptionsHeaderWriter which inserts the X-Content-Type-Options:

contentTypeOptions(Customizer<ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures content type response headers

ContentTypeOptionsServerHttpHeadersWriter - Class in org.springframework.security.web.server.header

Adds X-Content-Type-Options: nosniff

ContentTypeOptionsServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter

CONTEXT_SOURCE - Static variable in class org.springframework.security.config.BeanIds

CONTEXT_SOURCE_SETTING_POST_PROCESSOR - Static variable in class org.springframework.security.config.BeanIds

contextSource() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

Allows easily configuring of a BaseLdapPathContextSource with defaults pointing to an embedded LDAP server that is created.

contextSource(BaseLdapPathContextSource) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

Specifies the BaseLdapPathContextSource to be used.

ContextSourceSettingPostProcessor - Class in org.springframework.security.config.ldap

Checks for the presence of a ContextSource instance.

conversionServicePostProcessor() - Static method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration

convert(HttpServletRequest) - Method in class org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver

convert(HttpServletRequest) - Method in class org.springframework.security.saml2.provider.service.web.Saml2AuthenticationTokenConverter

convert(HttpServletRequest) - Method in interface org.springframework.security.web.authentication.AuthenticationConverter

convert(HttpServletRequest) - Method in class org.springframework.security.web.authentication.DelegatingAuthenticationConverter

convert(HttpServletRequest) - Method in class org.springframework.security.web.authentication.ott.OneTimeTokenAuthenticationConverter

convert(HttpServletRequest) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter

convert(String, OAuth2AuthenticatedPrincipal) - Method in interface org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenAuthenticationConverter

Converts a successful introspection result into an authentication result.

convert(String, OAuth2AuthenticatedPrincipal) - Method in interface org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenAuthenticationConverter

Converts a successful introspection result into an authentication result.

convert(Map<String, Object>) - Method in class org.springframework.security.oauth2.core.converter.ClaimTypeConverter

convert(Map<String, Object>) - Method in class org.springframework.security.oauth2.core.endpoint.DefaultMapOAuth2AccessTokenResponseConverter

convert(Map<String, Object>) - Method in class org.springframework.security.oauth2.jwt.MappedJwtClaimSetConverter

convert(OAuth2UserRequest) - Method in class org.springframework.security.oauth2.client.userinfo.OAuth2UserRequestEntityConverter

Returns the RequestEntity used for the UserInfo Request.

convert(OAuth2AccessTokenResponse) - Method in class org.springframework.security.oauth2.core.endpoint.DefaultOAuth2AccessTokenResponseMapConverter

convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.DelegatingJwtGrantedAuthoritiesConverter

Extract GrantedAuthoritys from the given Jwt.

convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.ExpressionJwtGrantedAuthoritiesConverter

Extract GrantedAuthoritys from the given Jwt.

convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter

convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtBearerTokenAuthenticationConverter

convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter

Extract GrantedAuthoritys from the given Jwt.

convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverter

convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverterAdapter

convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtGrantedAuthoritiesConverterAdapter

convert(PayloadExchange) - Method in class org.springframework.security.rsocket.authentication.AuthenticationPayloadExchangeConverter

convert(PayloadExchange) - Method in class org.springframework.security.rsocket.authentication.BasicAuthenticationPayloadExchangeConverter

convert(PayloadExchange) - Method in class org.springframework.security.rsocket.authentication.BearerPayloadExchangeConverter

convert(PayloadExchange) - Method in interface org.springframework.security.rsocket.authentication.PayloadExchangeAuthenticationConverter

convert(ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationCodeAuthenticationTokenConverter

convert(ServerWebExchange) - Method in class org.springframework.security.oauth2.server.resource.web.server.authentication.ServerBearerTokenAuthenticationConverter

convert(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.DelegatingServerAuthenticationConverter

convert(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.ott.ServerOneTimeTokenAuthenticationConverter

convert(ServerWebExchange) - Method in interface org.springframework.security.web.server.authentication.ServerAuthenticationConverter

Converts a ServerWebExchange to an Authentication

convert(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.ServerFormLoginAuthenticationConverter

convert(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.ServerHttpBasicAuthenticationConverter

convert(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.ServerX509AuthenticationConverter

convert(TokenExchangeGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.TokenExchangeGrantRequestEntityConverter

convert(T) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultOAuth2TokenRequestHeadersConverter

Populates the default headers for the token request.

convert(T) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultOAuth2TokenRequestParametersConverter

convert(T) - Method in class org.springframework.security.oauth2.client.endpoint.NimbusJwtClientAuthenticationParametersConverter

convertPasswordToString(Object) - Static method in class org.springframework.security.ldap.LdapUtils

CookieClearingLogoutHandler - Class in org.springframework.security.web.authentication.logout

A logout handler which clears either - A defined list of cookie names, using the context path as the cookie path OR - A given list of Cookies

CookieClearingLogoutHandler(Cookie...) - Constructor for class org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler

CookieClearingLogoutHandler(String...) - Constructor for class org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler

CookieCsrfTokenRepository - Class in org.springframework.security.web.csrf

A CsrfTokenRepository that persists the CSRF token in a cookie named "XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of AngularJS.

CookieCsrfTokenRepository() - Constructor for class org.springframework.security.web.csrf.CookieCsrfTokenRepository

CookieRequestCache - Class in org.springframework.security.web.savedrequest

An Implementation of RequestCache which saves the original request URI in a cookie.

CookieRequestCache() - Constructor for class org.springframework.security.web.savedrequest.CookieRequestCache

COOKIES - Enum constant in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive

COOKIES - Enum constant in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive

CookieServerCsrfTokenRepository - Class in org.springframework.security.web.server.csrf

A ServerCsrfTokenRepository that persists the CSRF token in a cookie named "XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of AngularJS.

CookieServerCsrfTokenRepository() - Constructor for class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository

CookieServerRequestCache - Class in org.springframework.security.web.server.savedrequest

An implementation of ServerRequestCache that saves the requested URI in a cookie.

CookieServerRequestCache() - Constructor for class org.springframework.security.web.server.savedrequest.CookieServerRequestCache

CookieTheftException - Exception in org.springframework.security.web.authentication.rememberme

CookieTheftException(String) - Constructor for exception org.springframework.security.web.authentication.rememberme.CookieTheftException

copyToContext(UserDetails, DirContextAdapter) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager

CoreJackson2Module - Class in org.springframework.security.jackson2

Jackson module for spring-security-core.

CoreJackson2Module() - Constructor for class org.springframework.security.jackson2.CoreJackson2Module

cors() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HttpSecurity.cors(Customizer) or cors(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

cors() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.cors(Customizer) or cors(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

cors(Customizer<CorsConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Adds a CorsFilter to be used.

cors(Customizer<ServerHttpSecurity.CorsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures CORS headers.

CORS - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder

CorsWebFilter

CORS - Static variable in class org.springframework.security.config.Elements

CorsBeanDefinitionParser - Class in org.springframework.security.config.http

Parser for the CorsFilter.

CorsBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.CorsBeanDefinitionParser

CorsConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Adds CorsFilter to the Spring Security filter chain.

CorsConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.CorsConfigurer

Creates a new instance

COSEAlgorithmIdentifier - Class in org.springframework.security.web.webauthn.api

COSEAlgorithmIdentifier is used to identify a cryptographic algorithm.

country(String) - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder

Sets the country.

create - Variable in class org.springframework.security.access.expression.SecurityExpressionRoot

create(Object, String, Object...) - Static method in class org.springframework.security.util.MethodInvocationUtils

Generates a MethodInvocation for specified methodName on the passed object, using the args to locate the method.

create(Runnable, SecurityContext) - Static method in class org.springframework.security.concurrent.DelegatingSecurityContextRunnable

Factory method for creating a DelegatingSecurityContextRunnable.

create(Callable<V>, SecurityContext) - Static method in class org.springframework.security.concurrent.DelegatingSecurityContextCallable

Creates a DelegatingSecurityContextCallable and with the given Callable and SecurityContext, but if the securityContext is null will defaults to the current SecurityContext on the SecurityContextHolder

CREATE - Static variable in class org.springframework.security.acls.domain.BasePermission

CREATE_TABLE_SQL - Static variable in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl

Default SQL for creating the database table to store the tokens

createAcl(ObjectIdentity) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService

createAcl(ObjectIdentity) - Method in interface org.springframework.security.acls.model.MutableAclService

Creates an empty Acl object in the database.

createAuthentication(HttpServletRequest) - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter

createAuthentication(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilter

createAuthenticationManager() - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory

Returns the configured AuthenticationManager that can be used to perform LDAP authentication.

createAuthority(Object) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper

Creates a GrantedAuthority from a role attribute.

createAuthorityList(String...) - Static method in class org.springframework.security.core.authority.AuthorityUtils

Converts authorities into a List of GrantedAuthority objects.

createAuthorityList(Collection<String>) - Static method in class org.springframework.security.core.authority.AuthorityUtils

Converts authorities into a List of GrantedAuthority objects.

createChannelAttributes(String) - Static method in class org.springframework.security.config.http.ChannelAttributeFactory

createCipher() - Method in enum class org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm

createCredentialRequestOptions(PublicKeyCredentialRequestOptionsRequest) - Method in class org.springframework.security.web.webauthn.management.Webauthn4JRelyingPartyOperations

createCredentialRequestOptions(PublicKeyCredentialRequestOptionsRequest) - Method in interface org.springframework.security.web.webauthn.management.WebAuthnRelyingPartyOperations

Creates the PublicKeyCredentialRequestOptions used to authenticate a user.

createCurrentUser(Authentication) - Method in class org.springframework.security.acls.domain.AclAuthorizationStrategyImpl

Creates a principal-like sid from the authentication information.

created(Instant) - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord.ImmutableCredentialRecordBuilder

createDecoder(C) - Method in interface org.springframework.security.oauth2.jwt.JwtDecoderFactory

Creates a JwtDecoder using the supplied "contextual" type.

createDecoder(C) - Method in interface org.springframework.security.oauth2.jwt.ReactiveJwtDecoderFactory

Creates a ReactiveJwtDecoder using the supplied "contextual" type.

createDecoder(ClientRegistration) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory

createDecoder(ClientRegistration) - Method in class org.springframework.security.oauth2.client.oidc.authentication.ReactiveOidcIdTokenDecoderFactory

createDefault() - Static method in class org.springframework.security.oauth2.jwt.JwtValidators

Create a Jwt Validator that contains all standard validators.

createDefaultClaimTypeConverter() - Static method in class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory

Returns the default Converter's used for type conversion of claim values for an OidcIdToken.

createDefaultClaimTypeConverters() - Static method in class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory

Returns the default Converter's used for type conversion of claim values for an OidcIdToken.

createDefaultClaimTypeConverters() - Static method in class org.springframework.security.oauth2.client.oidc.authentication.ReactiveOidcIdTokenDecoderFactory

Returns the default Converter's used for type conversion of claim values for an OidcIdToken.

createDefaultClaimTypeConverters() - Static method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcReactiveOAuth2UserService

Returns the default Converter's used for type conversion of claim values for an OidcUserInfo.

createDefaultClaimTypeConverters() - Static method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService

Returns the default Converter's used for type conversion of claim values for an OidcUserInfo.

createDefaultLdapAuthenticator() - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory

Allows subclasses to supply the default AbstractLdapAuthenticator.

createDefaultLdapAuthenticator() - Method in class org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory

createDefaultLdapAuthenticator() - Method in class org.springframework.security.config.ldap.LdapPasswordComparisonAuthenticationManagerFactory

createDefaultWithIssuer(String) - Static method in class org.springframework.security.oauth2.jwt.JwtValidators

Create a Jwt Validator that contains all standard validators when an issuer is known.

createDefaultWithValidators(List<OAuth2TokenValidator<Jwt>>) - Static method in class org.springframework.security.oauth2.jwt.JwtValidators

Create a Jwt default validator with standard validators and additional validators.

createDefaultWithValidators(OAuth2TokenValidator<Jwt>...) - Static method in class org.springframework.security.oauth2.jwt.JwtValidators

Create a Jwt default validator with standard validators and additional validators.

createDelegatingPasswordEncoder() - Static method in class org.springframework.security.crypto.factory.PasswordEncoderFactories

Creates a DelegatingPasswordEncoder with default mappings.

createELContext(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.ELRequestMatcher

Subclasses can override this methode if they want to use a different EL root context

createEmptyContext() - Method in class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy

Creates a new, empty context implementation, for use by SecurityContextRepository implementations, when creating a new context for the first time.

createEmptyContext() - Static method in class org.springframework.security.core.context.SecurityContextHolder

Delegates the creation of a new, empty context to the configured strategy.

createEmptyContext() - Method in interface org.springframework.security.core.context.SecurityContextHolderStrategy

Creates a new, empty context implementation, for use by SecurityContextRepository implementations, when creating a new context for the first time.

createEmptyContext() - Method in class org.springframework.security.test.context.TestSecurityContextHolderStrategyAdapter

createEntries(MutableAcl) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService

Creates a new row in acl_entry for every ACE defined in the passed MutableAcl object.

createEvaluationContext(Supplier<Authentication>, MethodInvocation) - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler

createEvaluationContext(Supplier<Authentication>, Message<T>) - Method in class org.springframework.security.messaging.access.expression.DefaultMessageSecurityExpressionHandler

createEvaluationContext(Supplier<Authentication>, MessageAuthorizationContext<?>) - Method in class org.springframework.security.messaging.access.expression.MessageAuthorizationContextSecurityExpressionHandler

createEvaluationContext(Supplier<Authentication>, RequestAuthorizationContext) - Method in class org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler

createEvaluationContext(Supplier<Authentication>, T) - Method in interface org.springframework.security.access.expression.SecurityExpressionHandler

Provides an evaluation context in which to evaluate security expressions for the invocation type.

createEvaluationContext(Authentication, MessageAuthorizationContext<?>) - Method in class org.springframework.security.messaging.access.expression.MessageAuthorizationContextSecurityExpressionHandler

createEvaluationContext(Authentication, T) - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler

Invokes the internal template methods to create StandardEvaluationContext and SecurityExpressionRoot objects.

createEvaluationContext(Authentication, T) - Method in interface org.springframework.security.access.expression.SecurityExpressionHandler

Provides an evaluation context in which to evaluate security expressions for the invocation type.

createEvaluationContextInternal(Authentication, MethodInvocation) - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler

Uses a MethodSecurityEvaluationContext as the EvaluationContext implementation.

createEvaluationContextInternal(Authentication, T) - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler

Override to create a custom instance of StandardEvaluationContext.

createExpressionEvaluationContext(SecurityExpressionHandler<FilterInvocation>) - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag

Allows the EvaluationContext to be customized for variable lookup etc.

createExpressionEvaluationContext(SecurityExpressionHandler<FilterInvocation>) - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag

createExpressionHandler() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

Deprecated.

Provide a MethodSecurityExpressionHandler that is registered with the ExpressionBasedPreInvocationAdvice.

createExpressionMessageMetadataSource(LinkedHashMap<MessageMatcher<?>, String>) - Static method in class org.springframework.security.messaging.access.expression.ExpressionBasedMessageSecurityMetadataSourceFactory

Deprecated.

Create a MessageSecurityMetadataSource that uses MessageMatcher mapped to Spring Expressions.

createExpressionMessageMetadataSource(LinkedHashMap<MessageMatcher<?>, String>, SecurityExpressionHandler<Message<Object>>) - Static method in class org.springframework.security.messaging.access.expression.ExpressionBasedMessageSecurityMetadataSourceFactory

Deprecated.

Create a MessageSecurityMetadataSource that uses MessageMatcher mapped to Spring Expressions.

createFromClass(Class<?>, String) - Static method in class org.springframework.security.util.MethodInvocationUtils

Generates a MethodInvocation for the specified methodName on the passed class.

createFromClass(Object, Class<?>, String, Class<?>[], Object[]) - Static method in class org.springframework.security.util.MethodInvocationUtils

Generates a MethodInvocation for specified methodName on the passed class, using the args to locate the method.

createGroup(String, List<GrantedAuthority>) - Method in interface org.springframework.security.provisioning.GroupManager

Creates a new group with the specified list of authorities.

createGroup(String, List<GrantedAuthority>) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

createList(String...) - Static method in class org.springframework.security.access.SecurityConfig

createListFromCommaDelimitedString(String) - Static method in class org.springframework.security.access.SecurityConfig

createLoginContext(CallbackHandler) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider

Creates the LoginContext to be used for authentication.

createLoginContext(CallbackHandler) - Method in class org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider

Creates a LoginContext using the Configuration that was specified in DefaultJaasAuthenticationProvider.setConfiguration(Configuration).

createLoginContext(CallbackHandler) - Method in class org.springframework.security.authentication.jaas.JaasAuthenticationProvider

createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Create the RequestMatcher given a loginProcessingUrl

createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer

createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer

createMatcher(ParserContext, String, String) - Method in enum class org.springframework.security.config.http.MatcherType

createMatcher(ParserContext, String, String, String) - Method in enum class org.springframework.security.config.http.MatcherType

createMessageMatcher(String, PathMatcher) - Static method in class org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher

Creates a new instance with the specified pattern, SimpMessageType.MESSAGE, and PathMatcher.

createMetadataSource() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry

Deprecated.

Allows subclasses to create creating a MessageSecurityMetadataSource.

createMvcMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry

Creates MvcRequestMatcher instances for the method and patterns passed in

createNewAuthentication(Authentication, String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

createNewToken(PersistentRememberMeToken) - Method in class org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl

createNewToken(PersistentRememberMeToken) - Method in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl

createNewToken(PersistentRememberMeToken) - Method in interface org.springframework.security.web.authentication.rememberme.PersistentTokenRepository

createObjectIdentity(Serializable, String) - Method in class org.springframework.security.acls.domain.ObjectIdentityRetrievalStrategyImpl

createObjectIdentity(Serializable, String) - Method in interface org.springframework.security.acls.model.ObjectIdentityGenerator

createObjectIdentity(ObjectIdentity, Sid) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService

Creates an entry in the acl_object_identity table for the passed ObjectIdentity.

createOrRetrieveClassPrimaryKey(String, boolean, Class) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService

Retrieves the primary key from acl_class, creating a new row if needed and the allowCreate property is true.

createOrRetrieveSidPrimaryKey(String, boolean, boolean) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService

Retrieves the primary key from acl_sid, creating a new row if needed and the allowCreate property is true.

createOrRetrieveSidPrimaryKey(Sid, boolean) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService

Retrieves the primary key from acl_sid, creating a new row if needed and the allowCreate property is true.

createParameters(JwtBearerGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.JwtBearerGrantRequestEntityConverter

Deprecated.

createParameters(OAuth2AuthorizationCodeGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequestEntityConverter

Deprecated.

createParameters(OAuth2ClientCredentialsGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequestEntityConverter

Deprecated.

createParameters(OAuth2PasswordGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequestEntityConverter

Deprecated.

createParameters(OAuth2RefreshTokenGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequestEntityConverter

Deprecated.

createParameters(TokenExchangeGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.TokenExchangeGrantRequestEntityConverter

Deprecated.

createPasswordEncoderBeanDefinition(String) - Static method in class org.springframework.security.config.authentication.PasswordEncoderParser

createPostInvocationAttribute(String, String) - Method in class org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory

Deprecated.

createPostInvocationAttribute(String, String) - Method in interface org.springframework.security.access.prepost.PrePostInvocationAttributeFactory

Deprecated.

createPreInvocationAttribute(String, String, String) - Method in class org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory

Deprecated.

createPreInvocationAttribute(String, String, String) - Method in interface org.springframework.security.access.prepost.PrePostInvocationAttributeFactory

Deprecated.

createPublicKeyCredentialCreationOptions(PublicKeyCredentialCreationOptionsRequest) - Method in class org.springframework.security.web.webauthn.management.Webauthn4JRelyingPartyOperations

createPublicKeyCredentialCreationOptions(PublicKeyCredentialCreationOptionsRequest) - Method in interface org.springframework.security.web.webauthn.management.WebAuthnRelyingPartyOperations

Creates the PublicKeyCredentialCreationOptions used to register new credentials.

createRedirectUrl(String) - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint

Constructs the Url for Redirection to the CAS server.

createSecurityContext(A) - Method in interface org.springframework.security.test.context.support.WithSecurityContextFactory

Create a SecurityContext given an Annotation.

createSecurityExpressionRoot(Authentication, MethodInvocation) - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler

Creates the root object for expression evaluation.

createSecurityExpressionRoot(Authentication, Message<T>) - Method in class org.springframework.security.messaging.access.expression.DefaultMessageSecurityExpressionHandler

createSecurityExpressionRoot(Authentication, RequestAuthorizationContext) - Method in class org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler

createSecurityExpressionRoot(Authentication, FilterInvocation) - Method in class org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler

createSecurityExpressionRoot(Authentication, T) - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler

Implement in order to create a root object of the correct type for the supported invocation type.

createServiceUrl(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint

Constructs a new Service Url.

createSid(boolean, String) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy

Creates a particular implementation of Sid depending on the arguments.

createSubscribeMatcher(String, PathMatcher) - Static method in class org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher

Creates a new instance with the specified pattern, SimpMessageType.SUBSCRIBE, and PathMatcher.

createSuccessAuthentication(Object, Authentication, UserDetails) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

Creates a successful Authentication object.

createSuccessAuthentication(Object, Authentication, UserDetails) - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider

createSuccessfulAuthentication(HttpServletRequest, UserDetails) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

Creates the final Authentication object returned from the autoLogin method.

createSuccessfulAuthentication(UsernamePasswordAuthenticationToken, UserDetails) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider

Creates the final Authentication object which will be returned from the authenticate method.

createTarget() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence

createTarget() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence

createTarget() - Method in class org.springframework.security.ldap.userdetails.Person.Essence

createUser(UserDetails) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager

createUser(UserDetails) - Method in class org.springframework.security.provisioning.InMemoryUserDetailsManager

createUser(UserDetails) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

createUser(UserDetails) - Method in interface org.springframework.security.provisioning.UserDetailsManager

Create a new user with the supplied details.

createUserDetails() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence

createUserDetails() - Method in class org.springframework.security.ldap.userdetails.Person.Essence

createUserDetails(String, UserDetails, List<GrantedAuthority>) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl

Can be overridden to customize the creation of the final UserDetailsObject which is returned by the loadUserByUsername method.

createUserDetails(Authentication, Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService

Creates the final UserDetails object.

credentialId(Bytes) - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord.ImmutableCredentialRecordBuilder

CredentialPropertiesOutput - Class in org.springframework.security.web.webauthn.api

CredentialPropertiesOutput is the Client extension output.

CredentialPropertiesOutput(boolean) - Constructor for class org.springframework.security.web.webauthn.api.CredentialPropertiesOutput

Creates a new instance.

CredentialPropertiesOutput.ExtensionOutput - Class in org.springframework.security.web.webauthn.api

The output for CredentialPropertiesOutput

CredentialRecord - Interface in org.springframework.security.web.webauthn.api

Represents a Credential Record that is stored by the Relying Party after successful registration.

CredentialsContainer - Interface in org.springframework.security.core

Indicates that the implementing object contains sensitive data, which can be erased using the eraseCredentials method.

credentialsExpired(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder

Defines if the credentials are expired or not.

credentialsExpired(boolean) - Method in class org.springframework.security.core.userdetails.User.UserBuilder

Defines if the credentials are expired or not.

credentialsExpired(boolean) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator

CredentialsExpiredException - Exception in org.springframework.security.authentication

Thrown if an authentication request is rejected because the account's credentials have expired.

CredentialsExpiredException(String) - Constructor for exception org.springframework.security.authentication.CredentialsExpiredException

Constructs a CredentialsExpiredException with the specified message.

CredentialsExpiredException(String, Throwable) - Constructor for exception org.springframework.security.authentication.CredentialsExpiredException

Constructs a CredentialsExpiredException with the specified message and root cause.

credentialType(PublicKeyCredentialType) - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord.ImmutableCredentialRecordBuilder

credProps - Static variable in class org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientInput

https://www.w3.org/TR/webauthn-3/#sctn-authenticator-credential-properties-extension

CredProtect(CredProtectAuthenticationExtensionsClientInput.CredProtect.ProtectionPolicy, boolean) - Constructor for class org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput.CredProtect

CredProtectAuthenticationExtensionsClientInput - Class in org.springframework.security.web.webauthn.api

Implements Credential Protection (credProtect).

CredProtectAuthenticationExtensionsClientInput(CredProtectAuthenticationExtensionsClientInput.CredProtect) - Constructor for class org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput

CredProtectAuthenticationExtensionsClientInput.CredProtect - Class in org.springframework.security.web.webauthn.api

CredProtectAuthenticationExtensionsClientInput.CredProtect.ProtectionPolicy - Enum Class in org.springframework.security.web.webauthn.api

CRIT - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames

crit - the critical header indicates that extensions to the JWS/JWE/JWA specifications are being used that MUST be understood and processed

criticalHeader(String, Object) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder

Sets the critical header that indicates which extensions to the JWS/JWE/JWA specifications are being used that MUST be understood and processed.

CROSS_ORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy

CROSS_ORIGIN - Enum constant in enum class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy

CROSS_PLATFORM - Static variable in class org.springframework.security.web.webauthn.api.AuthenticatorAttachment

Indicates cross-platform attachment.

crossOriginEmbedderPolicy() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HeadersConfigurer.crossOriginEmbedderPolicy(Customizer) instead

crossOriginEmbedderPolicy() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.crossOriginEmbedderPolicy(Customizer) instead.

crossOriginEmbedderPolicy(Customizer<HeadersConfigurer.CrossOriginEmbedderPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Allows configuration for Cross-Origin-Embedder-Policy header.

crossOriginEmbedderPolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures the Cross-Origin-Embedder-Policy header.

CrossOriginEmbedderPolicyConfig() - Constructor for class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginEmbedderPolicyConfig

CrossOriginEmbedderPolicyHeaderWriter - Class in org.springframework.security.web.header.writers

Inserts Cross-Origin-Embedder-Policy header.

CrossOriginEmbedderPolicyHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter

CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy - Enum Class in org.springframework.security.web.header.writers

CrossOriginEmbedderPolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header

Inserts Cross-Origin-Embedder-Policy headers.

CrossOriginEmbedderPolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter

CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy - Enum Class in org.springframework.security.web.server.header

crossOriginOpenerPolicy() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HeadersConfigurer.crossOriginOpenerPolicy(Customizer) instead

crossOriginOpenerPolicy() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.crossOriginOpenerPolicy(Customizer) instead.

crossOriginOpenerPolicy(Customizer<HeadersConfigurer.CrossOriginOpenerPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Allows configuration for Cross-Origin-Opener-Policy header.

crossOriginOpenerPolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures the Cross-Origin-Opener-Policy header.

CrossOriginOpenerPolicyConfig() - Constructor for class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginOpenerPolicyConfig

CrossOriginOpenerPolicyHeaderWriter - Class in org.springframework.security.web.header.writers

Inserts the Cross-Origin-Opener-Policy header

CrossOriginOpenerPolicyHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter

CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy - Enum Class in org.springframework.security.web.header.writers

CrossOriginOpenerPolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header

Inserts Cross-Origin-Opener-Policy header.

CrossOriginOpenerPolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter

CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy - Enum Class in org.springframework.security.web.server.header

crossOriginResourcePolicy() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HeadersConfigurer.crossOriginResourcePolicy(Customizer) instead

crossOriginResourcePolicy() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.crossOriginResourcePolicy(Customizer) instead.

crossOriginResourcePolicy(Customizer<HeadersConfigurer.CrossOriginResourcePolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Allows configuration for Cross-Origin-Resource-Policy header.

crossOriginResourcePolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures the Cross-Origin-Resource-Policy header.

CrossOriginResourcePolicyConfig() - Constructor for class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginResourcePolicyConfig

CrossOriginResourcePolicyHeaderWriter - Class in org.springframework.security.web.header.writers

Inserts Cross-Origin-Resource-Policy header

CrossOriginResourcePolicyHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter

CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy - Enum Class in org.springframework.security.web.header.writers

CrossOriginResourcePolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header

Inserts Cross-Origin-Resource-Policy headers.

CrossOriginResourcePolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter

CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy - Enum Class in org.springframework.security.web.server.header

csrf() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HttpSecurity.csrf(Customizer) or csrf(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

csrf() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.csrf(Customizer) or csrf(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

csrf() - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers

csrf() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors

Creates a RequestPostProcessor that will automatically populate a valid CsrfToken in the request.

csrf(Customizer<CsrfConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Enables CSRF protection.

csrf(Customizer<ServerHttpSecurity.CsrfSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures CSRF Protection which is enabled by default.

CSRF - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder

CsrfWebFilter

CSRF - Static variable in class org.springframework.security.config.Elements

CsrfAuthenticationStrategy - Class in org.springframework.security.web.csrf

CsrfAuthenticationStrategy is in charge of removing the CsrfToken upon authenticating.

CsrfAuthenticationStrategy(CsrfTokenRepository) - Constructor for class org.springframework.security.web.csrf.CsrfAuthenticationStrategy

Creates a new instance

CsrfBeanDefinitionParser - Class in org.springframework.security.config.http

Parser for the CsrfFilter.

CsrfBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.CsrfBeanDefinitionParser

csrfChannelInterceptor() - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

Deprecated.

CsrfChannelInterceptor - Class in org.springframework.security.messaging.web.csrf

ChannelInterceptor that validates that a valid CSRF is included in the header of any SimpMessageType.CONNECT message.

CsrfChannelInterceptor() - Constructor for class org.springframework.security.messaging.web.csrf.CsrfChannelInterceptor

CsrfConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Adds CSRF protection for the methods as specified by CsrfConfigurer.requireCsrfProtectionMatcher(RequestMatcher).

CsrfConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer

Creates a new instance

CsrfException - Exception in org.springframework.security.web.csrf

Thrown when an invalid or missing CsrfToken is found in the HttpServletRequest

CsrfException - Exception in org.springframework.security.web.server.csrf

Thrown when an invalid or missing CsrfToken is found in the HttpServletRequest

CsrfException(String) - Constructor for exception org.springframework.security.web.csrf.CsrfException

CsrfException(String) - Constructor for exception org.springframework.security.web.server.csrf.CsrfException

CsrfFilter - Class in org.springframework.security.web.csrf

Applies CSRF protection using a synchronizer token pattern.

CsrfFilter(CsrfTokenRepository) - Constructor for class org.springframework.security.web.csrf.CsrfFilter

Creates a new instance.

CsrfInputTag - Class in org.springframework.security.taglibs.csrf

A JSP tag that prints out a hidden form field for the CSRF token.

CsrfInputTag() - Constructor for class org.springframework.security.taglibs.csrf.CsrfInputTag

CsrfLogoutHandler - Class in org.springframework.security.web.csrf

CsrfLogoutHandler is in charge of removing the CsrfToken upon logout.

CsrfLogoutHandler(CsrfTokenRepository) - Constructor for class org.springframework.security.web.csrf.CsrfLogoutHandler

Creates a new instance

CsrfMetaTagsTag - Class in org.springframework.security.taglibs.csrf

A JSP tag that prints out a meta tags holding the CSRF form field name and token value for use in JavaScrip code.

CsrfMetaTagsTag() - Constructor for class org.springframework.security.taglibs.csrf.CsrfMetaTagsTag

CsrfRequestDataValueProcessor - Class in org.springframework.security.web.reactive.result.view

CsrfRequestDataValueProcessor - Class in org.springframework.security.web.servlet.support.csrf

Integration with Spring Web MVC that automatically adds the CsrfToken into forms with hidden inputs when using Spring tag libraries.

CsrfRequestDataValueProcessor() - Constructor for class org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor

CsrfRequestDataValueProcessor() - Constructor for class org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor

CsrfServerLogoutHandler - Class in org.springframework.security.web.server.csrf

CsrfServerLogoutHandler is in charge of removing the CsrfToken upon logout.

CsrfServerLogoutHandler(ServerCsrfTokenRepository) - Constructor for class org.springframework.security.web.server.csrf.CsrfServerLogoutHandler

Creates a new instance

CsrfToken - Interface in org.springframework.security.web.csrf

Provides the information about an expected CSRF token.

CsrfToken - Interface in org.springframework.security.web.server.csrf

CsrfTokenArgumentResolver - Class in org.springframework.security.web.method.annotation

Allows resolving the current CsrfToken.

CsrfTokenArgumentResolver() - Constructor for class org.springframework.security.web.method.annotation.CsrfTokenArgumentResolver

CsrfTokenHandshakeInterceptor - Class in org.springframework.security.messaging.web.socket.server

Loads a CsrfToken from the HttpServletRequest and HttpServletResponse to populate the WebSocket attributes.

CsrfTokenHandshakeInterceptor() - Constructor for class org.springframework.security.messaging.web.socket.server.CsrfTokenHandshakeInterceptor

csrfTokenRepository(CsrfTokenRepository) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer

Specify the CsrfTokenRepository to use.

csrfTokenRepository(ServerCsrfTokenRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec

Configures the ServerCsrfTokenRepository used to persist the CSRF Token.

CsrfTokenRepository - Interface in org.springframework.security.web.csrf

An API to allow changing the method in which the expected CsrfToken is associated to the HttpServletRequest.

CsrfTokenRequestAttributeHandler - Class in org.springframework.security.web.csrf

An implementation of the CsrfTokenRequestHandler interface that is capable of making the CsrfToken available as a request attribute and resolving the token value as either a header or parameter value of the request.

CsrfTokenRequestAttributeHandler() - Constructor for class org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler

csrfTokenRequestHandler(CsrfTokenRequestHandler) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer

Specify a CsrfTokenRequestHandler to use for making the CsrfToken available as a request attribute.

csrfTokenRequestHandler(ServerCsrfTokenRequestHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec

Specifies a ServerCsrfTokenRequestHandler that is used to make the CsrfToken available as an exchange attribute.

CsrfTokenRequestHandler - Interface in org.springframework.security.web.csrf

A callback interface that is used to make the CsrfToken created by the CsrfTokenRepository available as a request attribute.

CsrfTokenRequestResolver - Interface in org.springframework.security.web.csrf

Implementations of this interface are capable of resolving the token value of a CsrfToken from the provided HttpServletRequest.

CsrfWebFilter - Class in org.springframework.security.web.server.csrf

Applies CSRF protection using a synchronizer token pattern.

CsrfWebFilter() - Constructor for class org.springframework.security.web.server.csrf.CsrfWebFilter

css() - Static method in class org.springframework.security.web.authentication.ui.DefaultResourcesFilter

Create an instance of DefaultResourcesFilter serving Spring Security's default CSS stylesheet.

css() - Static method in class org.springframework.security.web.server.ui.DefaultResourcesWebFilter

Create an instance of DefaultResourcesWebFilter serving Spring Security's default CSS stylesheet.

CTY - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames

cty - the content type header is used by JWS/JWE applications to declare the media type of the secured content (the payload)

CumulativePermission - Class in org.springframework.security.acls.domain

Represents a Permission that is constructed at runtime from other permissions.

CumulativePermission() - Constructor for class org.springframework.security.acls.domain.CumulativePermission

currentDate - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat

Current formatted date.

currentDateGenerated - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat

Instant on which the currentDate object was generated.

CurrentSecurityContext - Annotation Interface in org.springframework.security.core.annotation

Annotation that is used to resolve the SecurityContext as a method argument.

CurrentSecurityContextArgumentResolver - Class in org.springframework.security.messaging.handler.invocation.reactive

Allows resolving the Authentication.getPrincipal() using the CurrentSecurityContext annotation.

CurrentSecurityContextArgumentResolver - Class in org.springframework.security.web.method.annotation

Allows resolving the SecurityContext using the CurrentSecurityContext annotation.

CurrentSecurityContextArgumentResolver - Class in org.springframework.security.web.reactive.result.method.annotation

Resolves the SecurityContext

CurrentSecurityContextArgumentResolver() - Constructor for class org.springframework.security.messaging.handler.invocation.reactive.CurrentSecurityContextArgumentResolver

CurrentSecurityContextArgumentResolver() - Constructor for class org.springframework.security.web.method.annotation.CurrentSecurityContextArgumentResolver

CurrentSecurityContextArgumentResolver(ReactiveAdapterRegistry) - Constructor for class org.springframework.security.web.reactive.result.method.annotation.CurrentSecurityContextArgumentResolver

CUSTOM_FILTER - Static variable in class org.springframework.security.config.Elements

customize(Consumer<PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder>) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder

Allows customizing the builder using the Consumer that is passed in.

customize(Consumer<PublicKeyCredentialRequestOptions.PublicKeyCredentialRequestOptionsBuilder>) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions.PublicKeyCredentialRequestOptionsBuilder

Allows customizing the PublicKeyCredentialRequestOptions.PublicKeyCredentialRequestOptionsBuilder

customize(WebSecurity) - Method in interface org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer

Performs the customizations on WebSecurity.

customize(T) - Method in interface org.springframework.security.config.Customizer

Performs the customizations on the input argument.

customizeClientInboundChannel(ChannelRegistration) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

Deprecated.

Allows subclasses to customize the configuration of the ChannelRegistration .

Customizer<T> - Interface in org.springframework.security.config

Callback interface that accepts a single input argument and returns no result.

customMethodSecurityMetadataSource() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

Deprecated.

Provides a custom MethodSecurityMetadataSource that is registered with the GlobalMethodSecurityConfiguration.methodSecurityMetadataSource().

CycleInRoleHierarchyException - Exception in org.springframework.security.access.hierarchicalroles

Exception that is thrown because of a cycle in the role hierarchy definition

CycleInRoleHierarchyException() - Constructor for exception org.springframework.security.access.hierarchicalroles.CycleInRoleHierarchyException

D

DaoAuthenticationConfigurer<B extends ProviderManagerBuilder<B>,U extends UserDetailsService> - Class in org.springframework.security.config.annotation.authentication.configurers.userdetails

Allows configuring a DaoAuthenticationProvider

DaoAuthenticationConfigurer(U) - Constructor for class org.springframework.security.config.annotation.authentication.configurers.userdetails.DaoAuthenticationConfigurer

Creates a new instance

DaoAuthenticationProvider - Class in org.springframework.security.authentication.dao

An AuthenticationProvider implementation that retrieves user details from a UserDetailsService.

DaoAuthenticationProvider() - Constructor for class org.springframework.security.authentication.dao.DaoAuthenticationProvider

DaoAuthenticationProvider(PasswordEncoder) - Constructor for class org.springframework.security.authentication.dao.DaoAuthenticationProvider

Creates a new instance using the provided PasswordEncoder

databaseClient - Variable in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService

dataSource(DataSource) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer

Populates the DataSource to be used.

debug() - Element in annotation interface org.springframework.security.config.annotation.web.configuration.EnableWebSecurity

Controls debugging support for Spring Security.

debug(boolean) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity

Controls debugging support for Spring Security.

DEBUG - Static variable in class org.springframework.security.config.Elements

DEBUG_FILTER - Static variable in class org.springframework.security.config.BeanIds

DebugBeanDefinitionParser - Class in org.springframework.security.config

DebugBeanDefinitionParser() - Constructor for class org.springframework.security.config.DebugBeanDefinitionParser

DebugFilter - Class in org.springframework.security.web.debug

Spring Security debugging filter.

DebugFilter(FilterChainProxy) - Constructor for class org.springframework.security.web.debug.DebugFilter

decide(Authentication, Object, Collection<ConfigAttribute>) - Method in interface org.springframework.security.access.AccessDecisionManager

Deprecated.

Resolves an access control decision for the passed parameters.

decide(Authentication, Object, Collection<ConfigAttribute>) - Method in class org.springframework.security.access.vote.AffirmativeBased

Deprecated.

This concrete implementation simply polls all configured AccessDecisionVoters and grants access if any AccessDecisionVoter voted affirmatively.

decide(Authentication, Object, Collection<ConfigAttribute>) - Method in class org.springframework.security.access.vote.ConsensusBased

Deprecated.

This concrete implementation simply polls all configured AccessDecisionVoters and upon completion determines the consensus of granted against denied responses.

decide(Authentication, Object, Collection<ConfigAttribute>) - Method in class org.springframework.security.access.vote.UnanimousBased

Deprecated.

This concrete implementation polls all configured AccessDecisionVoters for each ConfigAttribute and grants access if only grant (or abstain) votes were received.

decide(Authentication, Object, Collection<ConfigAttribute>, Object) - Method in interface org.springframework.security.access.AfterInvocationProvider

Deprecated.

decide(Authentication, Object, Collection<ConfigAttribute>, Object) - Method in interface org.springframework.security.access.intercept.AfterInvocationManager

Deprecated.

Given the details of a secure object invocation including its returned Object, make an access control decision or optionally modify the returned Object.

decide(Authentication, Object, Collection<ConfigAttribute>, Object) - Method in class org.springframework.security.access.intercept.AfterInvocationProviderManager

Deprecated.

decide(Authentication, Object, Collection<ConfigAttribute>, Object) - Method in class org.springframework.security.access.prepost.PostInvocationAdviceProvider

Deprecated.

decide(Authentication, Object, Collection<ConfigAttribute>, Object) - Method in class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationCollectionFilteringProvider

decide(Authentication, Object, Collection<ConfigAttribute>, Object) - Method in class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationProvider

decide(FilterInvocation, Collection<ConfigAttribute>) - Method in interface org.springframework.security.web.access.channel.ChannelDecisionManager

Decided whether the presented FilterInvocation provides the appropriate level of channel security based on the requested list of ConfigAttributes.

decide(FilterInvocation, Collection<ConfigAttribute>) - Method in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl

decide(FilterInvocation, Collection<ConfigAttribute>) - Method in interface org.springframework.security.web.access.channel.ChannelProcessor

Decided whether the presented FilterInvocation provides the appropriate level of channel security based on the requested list of ConfigAttributes.

decide(FilterInvocation, Collection<ConfigAttribute>) - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor

decide(FilterInvocation, Collection<ConfigAttribute>) - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor

decode(byte[]) - Static method in class org.springframework.security.crypto.codec.Base64

Deprecated.

decode(byte[]) - Static method in class org.springframework.security.crypto.codec.Utf8

Decode the bytes in UTF-8 form into a String.

decode(CharSequence) - Static method in class org.springframework.security.crypto.codec.Hex

decode(String) - Method in interface org.springframework.security.oauth2.jwt.JwtDecoder

Decodes the JWT from it's compact claims representation format and returns a Jwt.

decode(String) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder

Decode and validate the JWT from its compact claims representation format

decode(String) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder

decode(String) - Method in interface org.springframework.security.oauth2.jwt.ReactiveJwtDecoder

Decodes the JWT from it's compact claims representation format and returns a Jwt.

decode(String) - Method in class org.springframework.security.oauth2.jwt.SupplierJwtDecoder

Decodes the JWT from it's compact claims representation format and returns a Jwt.

decode(String) - Method in class org.springframework.security.oauth2.jwt.SupplierReactiveJwtDecoder

Decodes the JWT from it's compact claims representation format and returns a Jwt.

decode(Publisher<DataBuffer>, ResolvableType, MimeType, Map<String, Object>) - Method in class org.springframework.security.rsocket.metadata.BasicAuthenticationDecoder

Deprecated.

DECODE - Static variable in class org.springframework.security.crypto.codec.Base64

Deprecated.

Specify decoding in first bit.

decodeCookie(String) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

Decodes the cookie and splits it into a set of token strings using the ":" delimiter.

decoder(JwtDecoder) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer

decodeToMono(Publisher<DataBuffer>, ResolvableType, MimeType, Map<String, Object>) - Method in class org.springframework.security.rsocket.metadata.BasicAuthenticationDecoder

Deprecated.

decorate(FilterChain) - Method in interface org.springframework.security.web.FilterChainProxy.FilterChainDecorator

Provide a new FilterChain that accounts for needed security considerations when there are no security filters.

decorate(FilterChain) - Method in class org.springframework.security.web.FilterChainProxy.VirtualFilterChainDecorator

Provide a new FilterChain that accounts for needed security considerations when there are no security filters.

decorate(FilterChain) - Method in class org.springframework.security.web.ObservationFilterChainDecorator

decorate(FilterChain, List<Filter>) - Method in interface org.springframework.security.web.FilterChainProxy.FilterChainDecorator

Provide a new FilterChain that accounts for the provided filters as well as the original filter chain.

decorate(FilterChain, List<Filter>) - Method in class org.springframework.security.web.FilterChainProxy.VirtualFilterChainDecorator

Provide a new FilterChain that accounts for the provided filters as well as the original filter chain.

decorate(FilterChain, List<Filter>) - Method in class org.springframework.security.web.ObservationFilterChainDecorator

decorate(WebFilterChain) - Method in class org.springframework.security.web.server.ObservationWebFilterChainDecorator

decorate(WebFilterChain) - Method in class org.springframework.security.web.server.WebFilterChainProxy.DefaultWebFilterChainDecorator

Provide a new WebFilterChain that accounts for needed security considerations when there are no security filters.

decorate(WebFilterChain) - Method in interface org.springframework.security.web.server.WebFilterChainProxy.WebFilterChainDecorator

Provide a new WebFilterChain that accounts for needed security considerations when there are no security filters.

decorate(WebFilterChain, List<WebFilter>) - Method in class org.springframework.security.web.server.ObservationWebFilterChainDecorator

decorate(WebFilterChain, List<WebFilter>) - Method in class org.springframework.security.web.server.WebFilterChainProxy.DefaultWebFilterChainDecorator

Provide a new WebFilterChain that accounts for the provided filters as well as the original filter chain.

decorate(WebFilterChain, List<WebFilter>) - Method in interface org.springframework.security.web.server.WebFilterChainProxy.WebFilterChainDecorator

Provide a new WebFilterChain that accounts for the provided filters as well as the original filter chain.

decorate(Node, BeanDefinitionHolder, ParserContext) - Method in class org.springframework.security.config.http.FilterChainMapBeanDefinitionDecorator

decorate(Node, BeanDefinitionHolder, ParserContext) - Method in class org.springframework.security.config.method.InterceptMethodsBeanDefinitionDecorator

decorate(Node, BeanDefinitionHolder, ParserContext) - Method in class org.springframework.security.config.SecurityNamespaceHandler

decrypt(byte[]) - Method in class org.springframework.security.crypto.encrypt.AesBytesEncryptor

decrypt(byte[]) - Method in class org.springframework.security.crypto.encrypt.BouncyCastleAesCbcBytesEncryptor

decrypt(byte[]) - Method in class org.springframework.security.crypto.encrypt.BouncyCastleAesGcmBytesEncryptor

decrypt(byte[]) - Method in interface org.springframework.security.crypto.encrypt.BytesEncryptor

Decrypt the byte array.

decrypt(byte[]) - Method in class org.springframework.security.crypto.encrypt.RsaRawEncryptor

decrypt(byte[]) - Method in class org.springframework.security.crypto.encrypt.RsaSecretEncryptor

decrypt(String) - Method in class org.springframework.security.crypto.encrypt.RsaRawEncryptor

decrypt(String) - Method in class org.springframework.security.crypto.encrypt.RsaSecretEncryptor

decrypt(String) - Method in interface org.springframework.security.crypto.encrypt.TextEncryptor

Decrypt the encrypted text string.

decryption(PrivateKey, X509Certificate) - Static method in class org.springframework.security.saml2.core.Saml2X509Credential

Create a Saml2X509Credential that can be used for decryption.

DECRYPTION - Enum constant in enum class org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType

DECRYPTION_ERROR - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes

The system failed to decrypt an assertion or a name identifier.

decryptionX509Credentials(Consumer<Collection<Saml2X509Credential>>) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder

Deprecated.

decryptionX509Credentials(Consumer<Collection<Saml2X509Credential>>) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder

Apply this Consumer to the Collection of Saml2X509Credentials for the purposes of modifying the Collection

DEF_AUTHORITIES_BY_USERNAME_QUERY - Static variable in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl

DEF_CHANGE_PASSWORD_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager

DEF_CREATE_USER_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager

DEF_DELETE_GROUP_AUTHORITIES_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager

DEF_DELETE_GROUP_AUTHORITY_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager

DEF_DELETE_GROUP_MEMBER_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager

DEF_DELETE_GROUP_MEMBERS_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager

DEF_DELETE_GROUP_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager

DEF_DELETE_USER_AUTHORITIES_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager

DEF_DELETE_USER_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager

DEF_FIND_GROUP_ID_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager

DEF_FIND_GROUPS_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager

DEF_FIND_USERS_IN_GROUP_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager

DEF_GROUP_AUTHORITIES_BY_USERNAME_QUERY - Static variable in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl

DEF_GROUP_AUTHORITIES_QUERY_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager

DEF_GROUP_SEARCH_BASE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

DEF_GROUP_SEARCH_FILTER - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

DEF_INSERT_AUTHORITY_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager

DEF_INSERT_GROUP_AUTHORITY_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager

DEF_INSERT_GROUP_MEMBER_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager

DEF_INSERT_GROUP_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager

DEF_INSERT_TOKEN_SQL - Static variable in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl

The default SQL used by createNewToken

DEF_REMOVE_USER_TOKENS_SQL - Static variable in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl

The default SQL used by removeUserTokens

DEF_RENAME_GROUP_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager

DEF_TOKEN_BY_SERIES_SQL - Static variable in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl

The default SQL used by the getTokenBySeries query

DEF_UPDATE_TOKEN_SQL - Static variable in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl

The default SQL used by updateToken

DEF_UPDATE_USER_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager

DEF_USER_EXISTS_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager

DEF_USER_SEARCH_BASE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

DEF_USERS_BY_USERNAME_QUERY - Static variable in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl

DEFAULT - Enum constant in enum class org.springframework.security.crypto.encrypt.RsaAlgorithm

DEFAULT_ACL_CLASS_ID_SELECT_CLAUSE - Static variable in class org.springframework.security.acls.jdbc.BasicLookupStrategy

DEFAULT_AUTHENTICATION_REQUEST_URI - Static variable in interface org.springframework.security.saml2.provider.service.web.authentication.Saml2AuthenticationRequestResolver

DEFAULT_AUTHORIZATION_REQUEST_BASE_URI - Static variable in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter

The default base URI used for authorization requests.

DEFAULT_AUTHORIZATION_REQUEST_PATTERN - Static variable in class org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver

The default pattern used to resolve the ClientRegistration.getRegistrationId()

DEFAULT_CAS_ARTIFACT_PARAMETER - Static variable in class org.springframework.security.cas.ServiceProperties

DEFAULT_CAS_SERVICE_PARAMETER - Static variable in class org.springframework.security.cas.ServiceProperties

DEFAULT_CSRF_ATTR_NAME - Static variable in class org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor

The default request attribute to look for a CsrfToken.

DEFAULT_CSRF_MATCHER - Static variable in class org.springframework.security.web.csrf.CsrfFilter

The default RequestMatcher that indicates if CSRF protection is required or not.

DEFAULT_CSRF_MATCHER - Static variable in class org.springframework.security.web.server.csrf.CsrfWebFilter

DEFAULT_EXTRACTOR - Static variable in class org.springframework.security.web.util.ThrowableAnalyzer

Default extractor for Throwable instances.

DEFAULT_FILTER_NAME - Static variable in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer

DEFAULT_FILTER_PROCESSES_URI - Static variable in class org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter

The default URI where this Filter processes authentication requests.

DEFAULT_FILTER_PROCESSES_URI - Static variable in class org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter

DEFAULT_LOGIN_PAGE_URL - Static variable in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

DEFAULT_LOGOUT_SUCCESS_URL - Static variable in class org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler

DEFAULT_METADATA_FILE_NAME - Static variable in class org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter

DEFAULT_ORDER_BY_CLAUSE - Static variable in class org.springframework.security.acls.jdbc.BasicLookupStrategy

DEFAULT_PARAMETER - Static variable in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

DEFAULT_REGISTRATION_ID_URI_VARIABLE_NAME - Static variable in class org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver

The name of the path variable that contains the ClientRegistration.getRegistrationId()

DEFAULT_REMOVE_AUTHORIZED_CLIENT_ERROR_CODES - Static variable in class org.springframework.security.oauth2.client.RemoveAuthorizedClientOAuth2AuthorizationFailureHandler

The default OAuth 2.0 error codes that will trigger removal of an OAuth2AuthorizedClient.

DEFAULT_REMOVE_AUTHORIZED_CLIENT_ERROR_CODES - Static variable in class org.springframework.security.oauth2.client.RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler

The default OAuth 2.0 error codes that will trigger removal of the authorized client.

DEFAULT_REQUEST_ATTR_NAME - Static variable in class org.springframework.security.web.context.RequestAttributeSecurityContextRepository

The default request attribute name to use.

DEFAULT_SAML_ARTIFACT_PARAMETER - Static variable in class org.springframework.security.cas.SamlServiceProperties

DEFAULT_SAML_SERVICE_PARAMETER - Static variable in class org.springframework.security.cas.SamlServiceProperties

DEFAULT_SELECT_CLAUSE - Static variable in class org.springframework.security.acls.jdbc.BasicLookupStrategy

DEFAULT_SERIES_LENGTH - Static variable in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices

DEFAULT_SPRING_SECURITY_CONTEXT_ATTR_NAME - Static variable in class org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository

The default session attribute name to save and load the SecurityContext

DEFAULT_TOKEN_LENGTH - Static variable in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices

DEFAULT_USER_SCHEMA_DDL_LOCATION - Static variable in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl

defaultAccessDeniedHandlerFor(AccessDeniedHandler, RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer

Sets a default AccessDeniedHandler to be used which prefers being invoked for the provided RequestMatcher.

DefaultActiveDirectoryAuthoritiesPopulator - Class in org.springframework.security.ldap.authentication.ad

The default strategy for obtaining user role information from the active directory.

DefaultActiveDirectoryAuthoritiesPopulator() - Constructor for class org.springframework.security.ldap.authentication.ad.DefaultActiveDirectoryAuthoritiesPopulator

DefaultAddressStandardClaim - Class in org.springframework.security.oauth2.core.oidc

The default implementation of an Address Claim.

DefaultAddressStandardClaim.Builder - Class in org.springframework.security.oauth2.core.oidc

A builder for DefaultAddressStandardClaim.

defaultAuthenticationEntryPointFor(AuthenticationEntryPoint, RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer

Sets a default AuthenticationEntryPoint to be used which prefers being invoked for the provided RequestMatcher.

DefaultAuthenticationEventPublisher - Class in org.springframework.security.authentication

The default strategy for publishing authentication events.

DefaultAuthenticationEventPublisher() - Constructor for class org.springframework.security.authentication.DefaultAuthenticationEventPublisher

DefaultAuthenticationEventPublisher(ApplicationEventPublisher) - Constructor for class org.springframework.security.authentication.DefaultAuthenticationEventPublisher

DefaultAuthorizationCodeTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint

Deprecated.

Use RestClientAuthorizationCodeTokenResponseClient instead

DefaultAuthorizationCodeTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient

Deprecated.

DefaultBearerTokenResolver - Class in org.springframework.security.oauth2.server.resource.web

The default BearerTokenResolver implementation based on RFC 6750.

DefaultBearerTokenResolver() - Constructor for class org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver

DefaultClientCredentialsTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint

Deprecated.

Use RestClientClientCredentialsTokenResponseClient instead

DefaultClientCredentialsTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.DefaultClientCredentialsTokenResponseClient

Deprecated.

DefaultContextAttributesMapper() - Constructor for class org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager.DefaultContextAttributesMapper

DefaultContextAttributesMapper() - Constructor for class org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper

DefaultContextAttributesMapper() - Constructor for class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager.DefaultContextAttributesMapper

DefaultContextAttributesMapper() - Constructor for class org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper

DefaultCsrfToken - Class in org.springframework.security.web.csrf

A CSRF token that is used to protect against CSRF attacks.

DefaultCsrfToken - Class in org.springframework.security.web.server.csrf

A CSRF token that is used to protect against CSRF attacks.

DefaultCsrfToken(String, String, String) - Constructor for class org.springframework.security.web.csrf.DefaultCsrfToken

Creates a new instance

DefaultCsrfToken(String, String, String) - Constructor for class org.springframework.security.web.server.csrf.DefaultCsrfToken

Creates a new instance

DefaultFilterChainValidator - Class in org.springframework.security.config.http

DefaultFilterChainValidator() - Constructor for class org.springframework.security.config.http.DefaultFilterChainValidator

DefaultFilterInvocationSecurityMetadataSource - Class in org.springframework.security.web.access.intercept

Default implementation of FilterInvocationDefinitionSource.

DefaultFilterInvocationSecurityMetadataSource(LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>) - Constructor for class org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource

Sets the internal request map from the supplied map.

DefaultHttpFirewall - Class in org.springframework.security.web.firewall

User's should consider using StrictHttpFirewall because rather than trying to sanitize a malicious URL it rejects the malicious URL providing better security guarantees.

DefaultHttpFirewall() - Constructor for class org.springframework.security.web.firewall.DefaultHttpFirewall

DefaultHttpSecurityExpressionHandler - Class in org.springframework.security.web.access.expression

A SecurityExpressionHandler that uses a RequestAuthorizationContext to create a WebSecurityExpressionRoot.

DefaultHttpSecurityExpressionHandler() - Constructor for class org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler

defaultIvGenerator() - Method in enum class org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm

DefaultJaasAuthenticationProvider - Class in org.springframework.security.authentication.jaas

Creates a LoginContext using the Configuration provided to it.

DefaultJaasAuthenticationProvider() - Constructor for class org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider

DefaultJwtBearerTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint

Deprecated.

Use RestClientJwtBearerTokenResponseClient instead

DefaultJwtBearerTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.DefaultJwtBearerTokenResponseClient

Deprecated.

DefaultLdapAuthoritiesPopulator - Class in org.springframework.security.ldap.userdetails

The default strategy for obtaining user role information from the directory.

DefaultLdapAuthoritiesPopulator(ContextSource, String) - Constructor for class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator

Constructor for group search scenarios.

DefaultLdapUsernameToDnMapper - Class in org.springframework.security.ldap

This implementation appends a name component to the userDnBase context using the usernameAttributeName property.

DefaultLdapUsernameToDnMapper(String, String) - Constructor for class org.springframework.security.ldap.DefaultLdapUsernameToDnMapper

DefaultLoginExceptionResolver - Class in org.springframework.security.authentication.jaas

This LoginExceptionResolver simply wraps the LoginException with an AuthenticationServiceException.

DefaultLoginExceptionResolver() - Constructor for class org.springframework.security.authentication.jaas.DefaultLoginExceptionResolver

DefaultLoginPageConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Adds a Filter that will generate a login page if one is not specified otherwise when using EnableWebSecurity.

DefaultLoginPageConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.DefaultLoginPageConfigurer

DefaultLoginPageGeneratingFilter - Class in org.springframework.security.web.authentication.ui

For internal use with namespace configuration in the case where a user doesn't configure a login page.

DefaultLoginPageGeneratingFilter() - Constructor for class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

DefaultLoginPageGeneratingFilter(UsernamePasswordAuthenticationFilter) - Constructor for class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

DefaultLogoutPageGeneratingFilter - Class in org.springframework.security.web.authentication.ui

Generates a default log out page.

DefaultLogoutPageGeneratingFilter() - Constructor for class org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter

defaultLogoutSuccessHandlerFor(LogoutSuccessHandler, RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

Sets a default LogoutSuccessHandler to be used which prefers being invoked for the provided RequestMatcher.

DefaultMapOAuth2AccessTokenResponseConverter - Class in org.springframework.security.oauth2.core.endpoint

A Converter that converts the provided OAuth 2.0 Access Token Response parameters to an OAuth2AccessTokenResponse.

DefaultMapOAuth2AccessTokenResponseConverter() - Constructor for class org.springframework.security.oauth2.core.endpoint.DefaultMapOAuth2AccessTokenResponseConverter

DefaultMessageSecurityExpressionHandler<T> - Class in org.springframework.security.messaging.access.expression

The default implementation of SecurityExpressionHandler which uses a MessageSecurityExpressionRoot.

DefaultMessageSecurityExpressionHandler() - Constructor for class org.springframework.security.messaging.access.expression.DefaultMessageSecurityExpressionHandler

DefaultMessageSecurityMetadataSource - Class in org.springframework.security.messaging.access.intercept

Deprecated.

Use MessageMatcherDelegatingAuthorizationManager instead

DefaultMessageSecurityMetadataSource(LinkedHashMap<MessageMatcher<?>, Collection<ConfigAttribute>>) - Constructor for class org.springframework.security.messaging.access.intercept.DefaultMessageSecurityMetadataSource

Deprecated.

DefaultMethodSecurityExpressionHandler - Class in org.springframework.security.access.expression.method

The standard implementation of MethodSecurityExpressionHandler.

DefaultMethodSecurityExpressionHandler() - Constructor for class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler

DefaultOAuth2AccessTokenResponseMapConverter - Class in org.springframework.security.oauth2.core.endpoint

A Converter that converts the provided OAuth2AccessTokenResponse to a Map representation of the OAuth 2.0 Access Token Response parameters.

DefaultOAuth2AccessTokenResponseMapConverter() - Constructor for class org.springframework.security.oauth2.core.endpoint.DefaultOAuth2AccessTokenResponseMapConverter

DefaultOAuth2AuthenticatedPrincipal - Class in org.springframework.security.oauth2.core

A domain object that wraps the attributes of an OAuth 2.0 token.

DefaultOAuth2AuthenticatedPrincipal(String, Map<String, Object>, Collection<GrantedAuthority>) - Constructor for class org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal

Constructs an DefaultOAuth2AuthenticatedPrincipal using the provided parameters.

DefaultOAuth2AuthenticatedPrincipal(Map<String, Object>, Collection<GrantedAuthority>) - Constructor for class org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal

Constructs an DefaultOAuth2AuthenticatedPrincipal using the provided parameters.

DefaultOAuth2AuthorizationRequestResolver - Class in org.springframework.security.oauth2.client.web

An implementation of an OAuth2AuthorizationRequestResolver that attempts to resolve an OAuth2AuthorizationRequest from the provided HttpServletRequest using the default request URI pattern /oauth2/authorization/{registrationId}.

DefaultOAuth2AuthorizationRequestResolver(ClientRegistrationRepository, String) - Constructor for class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver

Constructs a DefaultOAuth2AuthorizationRequestResolver using the provided parameters.

DefaultOAuth2AuthorizedClientManager - Class in org.springframework.security.oauth2.client.web

The default implementation of an OAuth2AuthorizedClientManager for use within the context of a HttpServletRequest.

DefaultOAuth2AuthorizedClientManager(ClientRegistrationRepository, OAuth2AuthorizedClientRepository) - Constructor for class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager

Constructs a DefaultOAuth2AuthorizedClientManager using the provided parameters.

DefaultOAuth2AuthorizedClientManager.DefaultContextAttributesMapper - Class in org.springframework.security.oauth2.client.web

The default implementation of the contextAttributesMapper.

DefaultOAuth2TokenRequestHeadersConverter<T extends AbstractOAuth2AuthorizationGrantRequest> - Class in org.springframework.security.oauth2.client.endpoint

Default Converter used to convert an AbstractOAuth2AuthorizationGrantRequest to the HttpHeaders of a RequestEntity representation of an OAuth 2.0 Access Token Request for the specific Authorization Grant.

DefaultOAuth2TokenRequestHeadersConverter() - Constructor for class org.springframework.security.oauth2.client.endpoint.DefaultOAuth2TokenRequestHeadersConverter

DefaultOAuth2TokenRequestParametersConverter<T extends AbstractOAuth2AuthorizationGrantRequest> - Class in org.springframework.security.oauth2.client.endpoint

Default Converter used to convert an AbstractOAuth2AuthorizationGrantRequest to the default parameters of an OAuth 2.0 Access Token Request.

DefaultOAuth2TokenRequestParametersConverter() - Constructor for class org.springframework.security.oauth2.client.endpoint.DefaultOAuth2TokenRequestParametersConverter

DefaultOAuth2User - Class in org.springframework.security.oauth2.core.user

The default implementation of an OAuth2User.

DefaultOAuth2User(Collection<? extends GrantedAuthority>, Map<String, Object>, String) - Constructor for class org.springframework.security.oauth2.core.user.DefaultOAuth2User

Constructs a DefaultOAuth2User using the provided parameters.

DefaultOAuth2UserService - Class in org.springframework.security.oauth2.client.userinfo

An implementation of an OAuth2UserService that supports standard OAuth 2.0 Provider's.

DefaultOAuth2UserService() - Constructor for class org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService

DefaultOidcUser - Class in org.springframework.security.oauth2.core.oidc.user

The default implementation of an OidcUser.

DefaultOidcUser(Collection<? extends GrantedAuthority>, OidcIdToken) - Constructor for class org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser

Constructs a DefaultOidcUser using the provided parameters.

DefaultOidcUser(Collection<? extends GrantedAuthority>, OidcIdToken, String) - Constructor for class org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser

Constructs a DefaultOidcUser using the provided parameters.

DefaultOidcUser(Collection<? extends GrantedAuthority>, OidcIdToken, OidcUserInfo) - Constructor for class org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser

Constructs a DefaultOidcUser using the provided parameters.

DefaultOidcUser(Collection<? extends GrantedAuthority>, OidcIdToken, OidcUserInfo, String) - Constructor for class org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser

Constructs a DefaultOidcUser using the provided parameters.

DefaultOneTimeToken - Class in org.springframework.security.authentication.ott

A default implementation of OneTimeToken

DefaultOneTimeToken(String, String, Instant) - Constructor for class org.springframework.security.authentication.ott.DefaultOneTimeToken

DefaultOneTimeTokenSubmitPageGeneratingFilter - Class in org.springframework.security.web.authentication.ui

Creates a default one-time token submit page.

DefaultOneTimeTokenSubmitPageGeneratingFilter() - Constructor for class org.springframework.security.web.authentication.ui.DefaultOneTimeTokenSubmitPageGeneratingFilter

DefaultPasswordTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint

Deprecated.

The latest OAuth 2.0 Security Best Current Practice disallows the use of the Resource Owner Password Credentials grant. See reference OAuth 2.0 Security Best Current Practice.

DefaultPasswordTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.DefaultPasswordTokenResponseClient

Deprecated.

DefaultPayloadExchange - Class in org.springframework.security.rsocket.core

Default implementation of PayloadExchange

DefaultPayloadExchange(PayloadExchangeType, Payload, MimeType, MimeType) - Constructor for class org.springframework.security.rsocket.core.DefaultPayloadExchange

DefaultPermissionFactory - Class in org.springframework.security.acls.domain

Default implementation of PermissionFactory.

DefaultPermissionFactory() - Constructor for class org.springframework.security.acls.domain.DefaultPermissionFactory

Registers the Permission fields from the BasePermission class.

DefaultPermissionFactory(Class<? extends Permission>) - Constructor for class org.springframework.security.acls.domain.DefaultPermissionFactory

Registers the Permission fields from the supplied class.

DefaultPermissionFactory(Map<String, ? extends Permission>) - Constructor for class org.springframework.security.acls.domain.DefaultPermissionFactory

Registers a map of named Permission instances.

DefaultPermissionGrantingStrategy - Class in org.springframework.security.acls.domain

DefaultPermissionGrantingStrategy(AuditLogger) - Constructor for class org.springframework.security.acls.domain.DefaultPermissionGrantingStrategy

Creates an instance with the logger which will be used to record granting and denial of requested permissions.

DefaultReactiveOAuth2AuthorizedClientManager - Class in org.springframework.security.oauth2.client.web

The default implementation of a ReactiveOAuth2AuthorizedClientManager for use within the context of a ServerWebExchange.

DefaultReactiveOAuth2AuthorizedClientManager(ReactiveClientRegistrationRepository, ServerOAuth2AuthorizedClientRepository) - Constructor for class org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager

Constructs a DefaultReactiveOAuth2AuthorizedClientManager using the provided parameters.

DefaultReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper - Class in org.springframework.security.oauth2.client.web

The default implementation of the contextAttributesMapper.

DefaultReactiveOAuth2UserService - Class in org.springframework.security.oauth2.client.userinfo

An implementation of an ReactiveOAuth2UserService that supports standard OAuth 2.0 Provider's.

DefaultReactiveOAuth2UserService() - Constructor for class org.springframework.security.oauth2.client.userinfo.DefaultReactiveOAuth2UserService

DefaultRedirectStrategy - Class in org.springframework.security.web

Simple implementation of RedirectStrategy which is the default used throughout the framework.

DefaultRedirectStrategy() - Constructor for class org.springframework.security.web.DefaultRedirectStrategy

DefaultRefreshTokenTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint

Deprecated.

Use RestClientRefreshTokenTokenResponseClient instead

DefaultRefreshTokenTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.DefaultRefreshTokenTokenResponseClient

Deprecated.

DefaultRelyingPartyRegistrationResolver - Class in org.springframework.security.saml2.provider.service.web

A Converter that resolves a RelyingPartyRegistration by extracting the registration id from the request, querying a RelyingPartyRegistrationRepository, and resolving any template values.

DefaultRelyingPartyRegistrationResolver(RelyingPartyRegistrationRepository) - Constructor for class org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver

defaultRequest() - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction

Provides defaults for the HttpServletRequest and the HttpServletResponse using RequestContextHolder.

DefaultRequestRejectedHandler - Class in org.springframework.security.web.firewall

Default implementation of RequestRejectedHandler that simply rethrows the exception.

DefaultRequestRejectedHandler() - Constructor for class org.springframework.security.web.firewall.DefaultRequestRejectedHandler

DefaultResourcesFilter - Class in org.springframework.security.web.authentication.ui

Serve common static assets used in default UIs, such as CSS or Javascript files.

DefaultResourcesWebFilter - Class in org.springframework.security.web.server.ui

Serve common static assets used in default UIs, such as CSS or Javascript files.

defaults() - Static method in interface org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory.TargetVisitor

The default AuthorizationAdvisorProxyFactory.TargetVisitor, which will proxy Class instances as well as instances contained in reactive types (if reactor is present), collection types, and other container types like Optional and Supplier

DefaultSaml2AuthenticatedPrincipal - Class in org.springframework.security.saml2.provider.service.authentication

Default implementation of a Saml2AuthenticatedPrincipal.

DefaultSaml2AuthenticatedPrincipal(String, Map<String, List<Object>>) - Constructor for class org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal

DefaultSaml2AuthenticatedPrincipal(String, Map<String, List<Object>>, List<String>) - Constructor for class org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal

DefaultSavedRequest - Class in org.springframework.security.web.savedrequest

Represents central information from a HttpServletRequest.

DefaultSavedRequest(HttpServletRequest, PortResolver) - Constructor for class org.springframework.security.web.savedrequest.DefaultSavedRequest

DefaultSavedRequest(HttpServletRequest, PortResolver, String) - Constructor for class org.springframework.security.web.savedrequest.DefaultSavedRequest

DefaultSavedRequest.Builder - Class in org.springframework.security.web.savedrequest

defaultsDisabled() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Clears all of the default headers from the response.

DefaultSecurityFilterChain - Class in org.springframework.security.web

Standard implementation of SecurityFilterChain.

DefaultSecurityFilterChain(RequestMatcher, Filter...) - Constructor for class org.springframework.security.web.DefaultSecurityFilterChain

DefaultSecurityFilterChain(RequestMatcher, List<Filter>) - Constructor for class org.springframework.security.web.DefaultSecurityFilterChain

DefaultSecurityParameterNameDiscoverer - Class in org.springframework.security.core.parameters

Spring Security's default ParameterNameDiscoverer which tries a number of ParameterNameDiscoverer depending on what is found on the classpath.

DefaultSecurityParameterNameDiscoverer() - Constructor for class org.springframework.security.core.parameters.DefaultSecurityParameterNameDiscoverer

Creates a new instance with only the default ParameterNameDiscoverer instances.

DefaultSecurityParameterNameDiscoverer(List<? extends ParameterNameDiscoverer>) - Constructor for class org.springframework.security.core.parameters.DefaultSecurityParameterNameDiscoverer

Creates a new instance that first tries the passed in ParameterNameDiscoverer instances.

DefaultServerOAuth2AuthorizationRequestResolver - Class in org.springframework.security.oauth2.client.web.server

The default implementation of ServerOAuth2AuthorizationRequestResolver.

DefaultServerOAuth2AuthorizationRequestResolver(ReactiveClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver

Creates a new instance

DefaultServerOAuth2AuthorizationRequestResolver(ReactiveClientRegistrationRepository, ServerWebExchangeMatcher) - Constructor for class org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver

Creates a new instance

DefaultServerRedirectStrategy - Class in org.springframework.security.web.server

The default ServerRedirectStrategy to use.

DefaultServerRedirectStrategy() - Constructor for class org.springframework.security.web.server.DefaultServerRedirectStrategy

defaultsForSpringSecurity_v4_1() - Static method in class org.springframework.security.crypto.scrypt.SCryptPasswordEncoder

Deprecated.

Use SCryptPasswordEncoder.defaultsForSpringSecurity_v5_8() instead

defaultsForSpringSecurity_v5_2() - Static method in class org.springframework.security.crypto.argon2.Argon2PasswordEncoder

Deprecated.

Use Argon2PasswordEncoder.defaultsForSpringSecurity_v5_8() instead

defaultsForSpringSecurity_v5_5() - Static method in class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder

Deprecated.

Use Pbkdf2PasswordEncoder.defaultsForSpringSecurity_v5_8() instead

defaultsForSpringSecurity_v5_8() - Static method in class org.springframework.security.crypto.argon2.Argon2PasswordEncoder

Constructs an Argon2 password encoder with a salt length of 16 bytes, a hash length of 32 bytes, parallelism of 1, memory cost of 1 << 14 and 2 iterations.

defaultsForSpringSecurity_v5_8() - Static method in class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder

Constructs a PBKDF2 password encoder with no additional secret value.

defaultsForSpringSecurity_v5_8() - Static method in class org.springframework.security.crypto.scrypt.SCryptPasswordEncoder

Constructs a SCrypt password encoder with cpu cost of 65,536, memory cost of 8, parallelization of 1, a key length of 32 and a salt length of 16 bytes.

DefaultSpringSecurityContextSource - Class in org.springframework.security.ldap

ContextSource implementation which uses Spring LDAP's LdapContextSource as a base class.

DefaultSpringSecurityContextSource(String) - Constructor for class org.springframework.security.ldap.DefaultSpringSecurityContextSource

Create and initialize an instance which will connect to the supplied LDAP URL.

DefaultSpringSecurityContextSource(List<String>, String) - Constructor for class org.springframework.security.ldap.DefaultSpringSecurityContextSource

Create and initialize an instance which will connect of the LDAP Spring Security Context Source.

defaultsSkipValueTypes() - Static method in interface org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory.TargetVisitor

The default AuthorizationAdvisorProxyFactory.TargetVisitor that also skips any value types (for example, String, Integer).

defaultSubmitPageUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer

Sets the URL that the default submit page will be generated.

defaultSubmitPageUrl(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec

Sets the URL that the default submit page will be generated.

defaultSuccessUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Specifies where users will be redirected after authenticating successfully if they have not visited a secured page prior to authenticating.

defaultSuccessUrl(String, boolean) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Specifies where users will be redirected after authenticating successfully if they have not visited a secured page prior to authenticating or alwaysUse is true.

DefaultToken - Class in org.springframework.security.core.token

The default implementation of Token.

DefaultToken(String, long, String) - Constructor for class org.springframework.security.core.token.DefaultToken

DefaultTokenExchangeTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint

Deprecated.

Use RestClientRefreshTokenTokenResponseClient instead

DefaultTokenExchangeTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.DefaultTokenExchangeTokenResponseClient

Deprecated.

DefaultWebAuthnRegistrationPageGeneratingFilter - Class in org.springframework.security.web.webauthn.registration

A Filter that renders a default WebAuthn registration page.

DefaultWebAuthnRegistrationPageGeneratingFilter(PublicKeyCredentialUserEntityRepository, UserCredentialRepository) - Constructor for class org.springframework.security.web.webauthn.registration.DefaultWebAuthnRegistrationPageGeneratingFilter

Creates a new instance.

DefaultWebFilterChainDecorator() - Constructor for class org.springframework.security.web.server.WebFilterChainProxy.DefaultWebFilterChainDecorator

DefaultWebInvocationPrivilegeEvaluator - Class in org.springframework.security.web.access

Deprecated.

Use AuthorizationManagerWebInvocationPrivilegeEvaluator instead

DefaultWebInvocationPrivilegeEvaluator(AbstractSecurityInterceptor) - Constructor for class org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator

Deprecated.

DefaultWebSecurityExpressionHandler - Class in org.springframework.security.web.access.expression

DefaultWebSecurityExpressionHandler() - Constructor for class org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler

DeferredCsrfToken - Interface in org.springframework.security.web.csrf

An interface that allows delayed access to a CsrfToken that may be generated.

DeferredSecurityContext - Interface in org.springframework.security.core.context

An interface that allows delayed access to a SecurityContext that may be generated.

DelegateEntry(ServerWebExchangeMatcher, ServerAccessDeniedHandler) - Constructor for class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry

DelegateEntry(ServerWebExchangeMatcher, ServerAuthenticationEntryPoint) - Constructor for class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint.DelegateEntry

DelegatingAccessDeniedHandler - Class in org.springframework.security.web.access

An AccessDeniedHandler that delegates to other AccessDeniedHandler instances based upon the type of AccessDeniedException passed into DelegatingAccessDeniedHandler.handle(HttpServletRequest, HttpServletResponse, AccessDeniedException).

DelegatingAccessDeniedHandler(LinkedHashMap<Class<? extends AccessDeniedException>, AccessDeniedHandler>, AccessDeniedHandler) - Constructor for class org.springframework.security.web.access.DelegatingAccessDeniedHandler

Creates a new instance

delegatingApplicationListener() - Static method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration

DelegatingApplicationListener - Class in org.springframework.security.context

Used for delegating to a number of SmartApplicationListener instances.

DelegatingApplicationListener() - Constructor for class org.springframework.security.context.DelegatingApplicationListener

DelegatingAuthenticationConverter - Class in org.springframework.security.web.authentication

A AuthenticationConverter, that iterates over multiple AuthenticationConverter.

DelegatingAuthenticationConverter(List<AuthenticationConverter>) - Constructor for class org.springframework.security.web.authentication.DelegatingAuthenticationConverter

DelegatingAuthenticationConverter(AuthenticationConverter...) - Constructor for class org.springframework.security.web.authentication.DelegatingAuthenticationConverter

DelegatingAuthenticationEntryPoint - Class in org.springframework.security.web.authentication

An AuthenticationEntryPoint which selects a concrete AuthenticationEntryPoint based on a RequestMatcher evaluation.

DelegatingAuthenticationEntryPoint(LinkedHashMap<RequestMatcher, AuthenticationEntryPoint>) - Constructor for class org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint

DelegatingAuthenticationFailureHandler - Class in org.springframework.security.web.authentication

An AuthenticationFailureHandler that delegates to other AuthenticationFailureHandler instances based upon the type of AuthenticationException passed into DelegatingAuthenticationFailureHandler.onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) .

DelegatingAuthenticationFailureHandler(LinkedHashMap<Class<? extends AuthenticationException>, AuthenticationFailureHandler>, AuthenticationFailureHandler) - Constructor for class org.springframework.security.web.authentication.DelegatingAuthenticationFailureHandler

Creates a new instance

DelegatingJwtGrantedAuthoritiesConverter - Class in org.springframework.security.oauth2.server.resource.authentication

A Jwt to GrantedAuthority Converter that is a composite of converters.

DelegatingJwtGrantedAuthoritiesConverter(Collection<Converter<Jwt, Collection<GrantedAuthority>>>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.DelegatingJwtGrantedAuthoritiesConverter

Constructs a DelegatingJwtGrantedAuthoritiesConverter using the provided Collection of Converters

DelegatingJwtGrantedAuthoritiesConverter(Converter<Jwt, Collection<GrantedAuthority>>...) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.DelegatingJwtGrantedAuthoritiesConverter

Constructs a DelegatingJwtGrantedAuthoritiesConverter using the provided array of Converters

DelegatingLogoutSuccessHandler - Class in org.springframework.security.web.authentication.logout

Delegates to logout handlers based on matched request matchers

DelegatingLogoutSuccessHandler(LinkedHashMap<RequestMatcher, LogoutSuccessHandler>) - Constructor for class org.springframework.security.web.authentication.logout.DelegatingLogoutSuccessHandler

DelegatingMethodSecurityMetadataSource - Class in org.springframework.security.access.method

Deprecated.

Use the use-authorization-manager attribute for <method-security> and <intercept-methods> instead or use annotation-based or AuthorizationManager-based authorization

DelegatingMethodSecurityMetadataSource(List<MethodSecurityMetadataSource>) - Constructor for class org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource

Deprecated.

DelegatingOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client

An implementation of an OAuth2AuthorizedClientProvider that simply delegates to it's internal List of OAuth2AuthorizedClientProvider(s).

DelegatingOAuth2AuthorizedClientProvider(List<OAuth2AuthorizedClientProvider>) - Constructor for class org.springframework.security.oauth2.client.DelegatingOAuth2AuthorizedClientProvider

Constructs a DelegatingOAuth2AuthorizedClientProvider using the provided parameters.

DelegatingOAuth2AuthorizedClientProvider(OAuth2AuthorizedClientProvider...) - Constructor for class org.springframework.security.oauth2.client.DelegatingOAuth2AuthorizedClientProvider

Constructs a DelegatingOAuth2AuthorizedClientProvider using the provided parameters.

DelegatingOAuth2TokenValidator<T extends OAuth2Token> - Class in org.springframework.security.oauth2.core

A composite validator

DelegatingOAuth2TokenValidator(Collection<OAuth2TokenValidator<T>>) - Constructor for class org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator

Constructs a DelegatingOAuth2TokenValidator using the provided validators.

DelegatingOAuth2TokenValidator(OAuth2TokenValidator<T>...) - Constructor for class org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator

Constructs a DelegatingOAuth2TokenValidator using the provided validators.

DelegatingOAuth2UserService<R extends OAuth2UserRequest,U extends OAuth2User> - Class in org.springframework.security.oauth2.client.userinfo

An implementation of an OAuth2UserService that simply delegates to it's internal List of OAuth2UserService(s).

DelegatingOAuth2UserService(List<OAuth2UserService<R, U>>) - Constructor for class org.springframework.security.oauth2.client.userinfo.DelegatingOAuth2UserService

Constructs a DelegatingOAuth2UserService using the provided parameters.

DelegatingPasswordEncoder - Class in org.springframework.security.crypto.password

A password encoder that delegates to another PasswordEncoder based upon a prefixed identifier.

DelegatingPasswordEncoder(String, Map<String, PasswordEncoder>) - Constructor for class org.springframework.security.crypto.password.DelegatingPasswordEncoder

Creates a new instance

DelegatingPasswordEncoder(String, Map<String, PasswordEncoder>, String, String) - Constructor for class org.springframework.security.crypto.password.DelegatingPasswordEncoder

Creates a new instance

DelegatingReactiveAuthenticationManager - Class in org.springframework.security.authentication

A ReactiveAuthenticationManager that delegates to other ReactiveAuthenticationManager instances.

DelegatingReactiveAuthenticationManager(List<ReactiveAuthenticationManager>) - Constructor for class org.springframework.security.authentication.DelegatingReactiveAuthenticationManager

DelegatingReactiveAuthenticationManager(ReactiveAuthenticationManager...) - Constructor for class org.springframework.security.authentication.DelegatingReactiveAuthenticationManager

DelegatingReactiveAuthorizationManager - Class in org.springframework.security.web.server.authorization

DelegatingReactiveAuthorizationManager.Builder - Class in org.springframework.security.web.server.authorization

DelegatingReactiveOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client

An implementation of a ReactiveOAuth2AuthorizedClientProvider that simply delegates to it's internal List of ReactiveOAuth2AuthorizedClientProvider(s).

DelegatingReactiveOAuth2AuthorizedClientProvider(List<ReactiveOAuth2AuthorizedClientProvider>) - Constructor for class org.springframework.security.oauth2.client.DelegatingReactiveOAuth2AuthorizedClientProvider

Constructs a DelegatingReactiveOAuth2AuthorizedClientProvider using the provided parameters.

DelegatingReactiveOAuth2AuthorizedClientProvider(ReactiveOAuth2AuthorizedClientProvider...) - Constructor for class org.springframework.security.oauth2.client.DelegatingReactiveOAuth2AuthorizedClientProvider

Constructs a DelegatingReactiveOAuth2AuthorizedClientProvider using the provided parameters.

DelegatingRequestMatcherHeaderWriter - Class in org.springframework.security.web.header.writers

Delegates to the provided HeaderWriter when RequestMatcher.matches(HttpServletRequest) returns true.

DelegatingRequestMatcherHeaderWriter(RequestMatcher, HeaderWriter) - Constructor for class org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter

Creates a new instance

DelegatingSecurityContextAsyncTaskExecutor - Class in org.springframework.security.task

An AsyncTaskExecutor which wraps each Runnable in a DelegatingSecurityContextRunnable and each Callable in a DelegatingSecurityContextCallable.

DelegatingSecurityContextAsyncTaskExecutor(AsyncTaskExecutor) - Constructor for class org.springframework.security.task.DelegatingSecurityContextAsyncTaskExecutor

Creates a new DelegatingSecurityContextAsyncTaskExecutor that uses the current SecurityContext.

DelegatingSecurityContextAsyncTaskExecutor(AsyncTaskExecutor, SecurityContext) - Constructor for class org.springframework.security.task.DelegatingSecurityContextAsyncTaskExecutor

Creates a new DelegatingSecurityContextAsyncTaskExecutor that uses the specified SecurityContext.

DelegatingSecurityContextCallable<V> - Class in org.springframework.security.concurrent

Wraps a delegate Callable with logic for setting up a SecurityContext before invoking the delegate Callable and then removing the SecurityContext after the delegate has completed.

DelegatingSecurityContextCallable(Callable<V>) - Constructor for class org.springframework.security.concurrent.DelegatingSecurityContextCallable

Creates a new DelegatingSecurityContextCallable with the SecurityContext from the SecurityContextHolder.

DelegatingSecurityContextCallable(Callable<V>, SecurityContext) - Constructor for class org.springframework.security.concurrent.DelegatingSecurityContextCallable

Creates a new DelegatingSecurityContextCallable with a specific SecurityContext.

DelegatingSecurityContextExecutor - Class in org.springframework.security.concurrent

An Executor which wraps each Runnable in a DelegatingSecurityContextRunnable.

DelegatingSecurityContextExecutor(Executor) - Constructor for class org.springframework.security.concurrent.DelegatingSecurityContextExecutor

Creates a new DelegatingSecurityContextExecutor that uses the current SecurityContext from the SecurityContextHolder at the time the task is submitted.

DelegatingSecurityContextExecutor(Executor, SecurityContext) - Constructor for class org.springframework.security.concurrent.DelegatingSecurityContextExecutor

Creates a new DelegatingSecurityContextExecutor that uses the specified SecurityContext.

DelegatingSecurityContextExecutorService - Class in org.springframework.security.concurrent

An ExecutorService which wraps each Runnable in a DelegatingSecurityContextRunnable and each Callable in a DelegatingSecurityContextCallable.

DelegatingSecurityContextExecutorService(ExecutorService) - Constructor for class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService

Creates a new DelegatingSecurityContextExecutorService that uses the current SecurityContext from the SecurityContextHolder.

DelegatingSecurityContextExecutorService(ExecutorService, SecurityContext) - Constructor for class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService

Creates a new DelegatingSecurityContextExecutorService that uses the specified SecurityContext.

DelegatingSecurityContextRepository - Class in org.springframework.security.web.context

DelegatingSecurityContextRepository(List<SecurityContextRepository>) - Constructor for class org.springframework.security.web.context.DelegatingSecurityContextRepository

DelegatingSecurityContextRepository(SecurityContextRepository...) - Constructor for class org.springframework.security.web.context.DelegatingSecurityContextRepository

DelegatingSecurityContextRunnable - Class in org.springframework.security.concurrent

Wraps a delegate Runnable with logic for setting up a SecurityContext before invoking the delegate Runnable and then removing the SecurityContext after the delegate has completed.

DelegatingSecurityContextRunnable(Runnable) - Constructor for class org.springframework.security.concurrent.DelegatingSecurityContextRunnable

Creates a new DelegatingSecurityContextRunnable with the SecurityContext from the SecurityContextHolder.

DelegatingSecurityContextRunnable(Runnable, SecurityContext) - Constructor for class org.springframework.security.concurrent.DelegatingSecurityContextRunnable

Creates a new DelegatingSecurityContextRunnable with a specific SecurityContext.

DelegatingSecurityContextScheduledExecutorService - Class in org.springframework.security.concurrent

An ScheduledExecutorService which wraps each Runnable in a DelegatingSecurityContextRunnable and each Callable in a DelegatingSecurityContextCallable.

DelegatingSecurityContextScheduledExecutorService(ScheduledExecutorService) - Constructor for class org.springframework.security.concurrent.DelegatingSecurityContextScheduledExecutorService

Creates a new DelegatingSecurityContextScheduledExecutorService that uses the current SecurityContext from the SecurityContextHolder.

DelegatingSecurityContextScheduledExecutorService(ScheduledExecutorService, SecurityContext) - Constructor for class org.springframework.security.concurrent.DelegatingSecurityContextScheduledExecutorService

Creates a new DelegatingSecurityContextScheduledExecutorService that uses the specified SecurityContext.

DelegatingSecurityContextSchedulingTaskExecutor - Class in org.springframework.security.scheduling

An SchedulingTaskExecutor which wraps each Runnable in a DelegatingSecurityContextRunnable and each Callable in a DelegatingSecurityContextCallable.

DelegatingSecurityContextSchedulingTaskExecutor(SchedulingTaskExecutor) - Constructor for class org.springframework.security.scheduling.DelegatingSecurityContextSchedulingTaskExecutor

Creates a new DelegatingSecurityContextSchedulingTaskExecutor that uses the current SecurityContext.

DelegatingSecurityContextSchedulingTaskExecutor(SchedulingTaskExecutor, SecurityContext) - Constructor for class org.springframework.security.scheduling.DelegatingSecurityContextSchedulingTaskExecutor

Creates a new DelegatingSecurityContextSchedulingTaskExecutor that uses the specified SecurityContext.

DelegatingSecurityContextTaskExecutor - Class in org.springframework.security.task

An TaskExecutor which wraps each Runnable in a DelegatingSecurityContextRunnable.

DelegatingSecurityContextTaskExecutor(TaskExecutor) - Constructor for class org.springframework.security.task.DelegatingSecurityContextTaskExecutor

Creates a new DelegatingSecurityContextTaskExecutor that uses the current SecurityContext from the SecurityContextHolder.

DelegatingSecurityContextTaskExecutor(TaskExecutor, SecurityContext) - Constructor for class org.springframework.security.task.DelegatingSecurityContextTaskExecutor

Creates a new DelegatingSecurityContextTaskExecutor that uses the specified SecurityContext.

DelegatingSecurityContextTaskScheduler - Class in org.springframework.security.scheduling

An implementation of TaskScheduler invoking it whenever the trigger indicates a next execution time.

DelegatingSecurityContextTaskScheduler(TaskScheduler) - Constructor for class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler

Creates a new DelegatingSecurityContextTaskScheduler that uses the current SecurityContext from the SecurityContextHolder.

DelegatingSecurityContextTaskScheduler(TaskScheduler, SecurityContext) - Constructor for class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler

Creates a new DelegatingSecurityContextTaskScheduler that uses the specified SecurityContext.

DelegatingServerAuthenticationConverter - Class in org.springframework.security.web.server.authentication

A ServerAuthenticationConverter that delegates to other ServerAuthenticationConverter instances.

DelegatingServerAuthenticationConverter(List<ServerAuthenticationConverter>) - Constructor for class org.springframework.security.web.server.authentication.DelegatingServerAuthenticationConverter

DelegatingServerAuthenticationConverter(ServerAuthenticationConverter...) - Constructor for class org.springframework.security.web.server.authentication.DelegatingServerAuthenticationConverter

DelegatingServerAuthenticationEntryPoint - Class in org.springframework.security.web.server

A ServerAuthenticationEntryPoint which delegates to multiple ServerAuthenticationEntryPoint based on a ServerWebExchangeMatcher

DelegatingServerAuthenticationEntryPoint(List<DelegatingServerAuthenticationEntryPoint.DelegateEntry>) - Constructor for class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint

DelegatingServerAuthenticationEntryPoint(DelegatingServerAuthenticationEntryPoint.DelegateEntry...) - Constructor for class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint

DelegatingServerAuthenticationEntryPoint.DelegateEntry - Class in org.springframework.security.web.server

DelegatingServerAuthenticationSuccessHandler - Class in org.springframework.security.web.server.authentication

Delegates to a collection of ServerAuthenticationSuccessHandler implementations.

DelegatingServerAuthenticationSuccessHandler(List<ServerAuthenticationSuccessHandler>) - Constructor for class org.springframework.security.web.server.authentication.DelegatingServerAuthenticationSuccessHandler

Creates a new instance with the provided list of delegates

DelegatingServerAuthenticationSuccessHandler(ServerAuthenticationSuccessHandler...) - Constructor for class org.springframework.security.web.server.authentication.DelegatingServerAuthenticationSuccessHandler

DelegatingServerLogoutHandler - Class in org.springframework.security.web.server.authentication.logout

Delegates to a collection of ServerLogoutHandler implementations.

DelegatingServerLogoutHandler(Collection<ServerLogoutHandler>) - Constructor for class org.springframework.security.web.server.authentication.logout.DelegatingServerLogoutHandler

DelegatingServerLogoutHandler(ServerLogoutHandler...) - Constructor for class org.springframework.security.web.server.authentication.logout.DelegatingServerLogoutHandler

delete - Variable in class org.springframework.security.access.expression.SecurityExpressionRoot

delete(Bytes) - Method in class org.springframework.security.web.webauthn.management.MapPublicKeyCredentialUserEntityRepository

delete(Bytes) - Method in class org.springframework.security.web.webauthn.management.MapUserCredentialRepository

delete(Bytes) - Method in interface org.springframework.security.web.webauthn.management.PublicKeyCredentialUserEntityRepository

delete(Bytes) - Method in interface org.springframework.security.web.webauthn.management.UserCredentialRepository

Deletes an entry by credential id

DELETE - Static variable in class org.springframework.security.acls.domain.BasePermission

deleteAce(int) - Method in class org.springframework.security.acls.domain.AclImpl

deleteAce(int) - Method in interface org.springframework.security.acls.model.MutableAcl

deleteAcl(ObjectIdentity, boolean) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService

deleteAcl(ObjectIdentity, boolean) - Method in interface org.springframework.security.acls.model.MutableAclService

Removes the specified entry from the database.

deleteCookies(String...) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

Allows specifying the names of cookies to be removed on logout success.

deleteEntries(Long) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService

Deletes all ACEs defined in the acl_entry table belonging to the presented ObjectIdentity primary key.

deleteGroup(String) - Method in interface org.springframework.security.provisioning.GroupManager

Removes a group, including all members and authorities.

deleteGroup(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

deleteObjectIdentity(Long) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService

Deletes a single row from acl_object_identity that is associated with the presented ObjectIdentity primary key.

deleteUser(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager

deleteUser(String) - Method in class org.springframework.security.provisioning.InMemoryUserDetailsManager

deleteUser(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

deleteUser(String) - Method in interface org.springframework.security.provisioning.UserDetailsManager

Remove the user with the given login name from the system.

delux(CharSequence, CharSequence) - Static method in class org.springframework.security.crypto.encrypt.Encryptors

Creates a text encryptor that uses "stronger" password-based encryption.

demergePatterns(String, String) - Static method in class org.springframework.security.acls.domain.AclFormattingUtils

deny() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig

Specify to DENY framing any content from this application.

DENY - Enum constant in enum class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode

DENY - Enum constant in enum class org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter.Mode

A browser receiving content with this header field MUST NOT display this content in any frame.

DENY_ALL_ATTRIBUTE - Static variable in class org.springframework.security.access.annotation.Jsr250SecurityConfig

Deprecated.

denyAll - Variable in class org.springframework.security.access.expression.SecurityExpressionRoot

Allows "denyAll" expression

denyAll() - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations

Always denies access

denyAll() - Method in class org.springframework.security.access.expression.SecurityExpressionRoot

denyAll() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access

denyAll() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl

Specify that URLs are not allowed by anyone.

denyAll() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl

Deprecated.

Specify that URLs are not allowed by anyone.

denyAll() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint

Deprecated.

Specify that Messages are not allowed by anyone.

denyAll() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access

Deny access for everyone

denyAll() - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint

Specify that Messages are not allowed by anyone.

denyAll() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl

Specify that URLs are not allowed by anyone.

DenyAllPermissionEvaluator - Class in org.springframework.security.access.expression

A null PermissionEvaluator which denies all access.

DenyAllPermissionEvaluator() - Constructor for class org.springframework.security.access.expression.DenyAllPermissionEvaluator

destroy() - Method in class org.springframework.security.authentication.ott.JdbcOneTimeTokenService

destroy() - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean

destroy() - Method in class org.springframework.security.ldap.server.ApacheDSContainer

Deprecated.

destroy() - Method in class org.springframework.security.ldap.server.UnboundIdContainer

destroy() - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor

Deprecated.

Not used (we rely on IoC container lifecycle services instead)

destroy() - Method in class org.springframework.security.web.debug.DebugFilter

determineCauseChain(Throwable) - Method in class org.springframework.security.web.util.ThrowableAnalyzer

Determines the cause chain of the provided Throwable.

determineExpiredUrl(HttpServletRequest, SessionInformation) - Method in class org.springframework.security.web.session.ConcurrentSessionFilter

Deprecated.

Use ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy) instead.

determineTargetUrl(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler

Builds the target URL according to the logic defined in the main class Javadoc.

determineTargetUrl(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler

determineTargetUrl(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler

Builds the target URL according to the logic defined in the main class Javadoc

determineUrlToUseForThisRequest(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint

Allows subclasses to modify the login form URL that should be applicable for a given request.

DEVICE_CODE - Static variable in class org.springframework.security.oauth2.core.AuthorizationGrantType

DEVICE_CODE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

device_code - used in Device Authorization Response and Device Access Token Request.

digest() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors

Creates a DigestRequestPostProcessor that enables easily adding digest based authentication to a request.

digest(String) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors

Creates a DigestRequestPostProcessor that enables easily adding digest based authentication to a request.

DigestAuthenticationEntryPoint - Class in org.springframework.security.web.authentication.www

Used by the SecurityEnforcementFilter to commence authentication via the DigestAuthenticationFilter.

DigestAuthenticationEntryPoint() - Constructor for class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint

DigestAuthenticationFilter - Class in org.springframework.security.web.authentication.www

Processes a HTTP request's Digest authorization headers, putting the result into the SecurityContextHolder.

DigestAuthenticationFilter() - Constructor for class org.springframework.security.web.authentication.www.DigestAuthenticationFilter

DigestRequestPostProcessor() - Constructor for class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor

DIRECT - Static variable in class org.springframework.security.web.webauthn.api.AttestationConveyancePreference

The direct preference indicates that the Relying Party wants to receive the attestation statement as generated by the authenticator.

disable() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer

Disables the AbstractHttpConfigurer by removing it.

disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CacheControlConfig

Disables Cache Control

disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentTypeOptionsConfig

Removes the X-XSS-Protection header.

disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig

Prevents the header from being added to the response.

disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig

Deprecated.

Prevents the header from being added to the response.

disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig

Disables Strict Transport Security

disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.XXssConfig

Disables X-XSS-Protection header (does not include it)

disable() - Method in class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer

disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec

Disables anonymous authentication.

disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CorsSpec

Disables CORS support within Spring Security.

disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec

Disables CSRF Protection.

disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec

Disables HTTP Basic authentication.

disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CacheSpec

Disables cache control response headers

disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec

Disables the content type options response header

disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Disables http response headers

disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.FrameOptionsSpec

Disables frame options response header

disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec

Disables strict transport security response header

disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.XssProtectionSpec

Disables the x-xss-protection response header

disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec

Disables HTTP Basic authentication.

disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec

Disables log out

disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.RequestCacheSpec

Disables the ServerHttpSecurity.RequestCacheSpec

disabled(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder

Defines if the account is disabled or not.

disabled(boolean) - Method in class org.springframework.security.core.userdetails.User.UserBuilder

Defines if the account is disabled or not.

disabled(boolean) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator

DISABLED - Enum constant in enum class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue

DISABLED - Enum constant in enum class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter.HeaderValue

disableDefaultRegistrationPage(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.WebAuthnConfigurer

Configures whether the default webauthn registration should be disabled.

DisabledException - Exception in org.springframework.security.authentication

Thrown if an authentication request is rejected because the account is disabled.

DisabledException(String) - Constructor for exception org.springframework.security.authentication.DisabledException

Constructs a DisabledException with the specified message.

DisabledException(String, Throwable) - Constructor for exception org.springframework.security.authentication.DisabledException

Constructs a DisabledException with the specified message and root cause.

DisableEncodeUrlFilter - Class in org.springframework.security.web.session

Disables encoding URLs using the HttpServletResponse to prevent including the session id in URLs which is not considered URL because the session id can be leaked in things like HTTP access logs.

DisableEncodeUrlFilter() - Constructor for class org.springframework.security.web.session.DisableEncodeUrlFilter

disableOnResponseCommitted() - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper

Invoke this method to disable invoking OnCommittedResponseWrapper.onResponseCommitted() when the HttpServletResponse is committed.

disableSaveOnResponseCommitted() - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper

Deprecated.

Invoke this method to disable automatic saving of the SecurityContext when the HttpServletResponse is committed.

DISCOURAGED - Static variable in class org.springframework.security.web.webauthn.api.ResidentKeyRequirement

The discouraged requirement indicates that the Relying Party prefers creating a server-side credential, but will accept a client-side discoverable credential.

DISCOURAGED - Static variable in class org.springframework.security.web.webauthn.api.UserVerificationRequirement

The discouraged value indicates that the Relying Party does not want user verification employed during the operation (e.g., in the interest of minimizing disruption to the user interaction flow).

dispatcherTypeMatchers(DispatcherType...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry

Create a List of DispatcherTypeRequestMatcher instances that do not specify an HttpMethod.

dispatcherTypeMatchers(HttpMethod, DispatcherType...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry

Maps a List of DispatcherTypeRequestMatcher instances.

DispatcherTypeRequestMatcher - Class in org.springframework.security.web.util.matcher

Checks the DispatcherType to decide whether to match a given request.

DispatcherTypeRequestMatcher(DispatcherType) - Constructor for class org.springframework.security.web.util.matcher.DispatcherTypeRequestMatcher

Creates an instance which matches requests with the provided DispatcherType

DispatcherTypeRequestMatcher(DispatcherType, HttpMethod) - Constructor for class org.springframework.security.web.util.matcher.DispatcherTypeRequestMatcher

Creates an instance which matches requests with the provided DispatcherType and HttpMethod

displayName(String) - Method in class org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity.PublicKeyCredentialUserEntityBuilder

Sets the ImmutablePublicKeyCredentialUserEntity.getDisplayName() property.

DN_KEY - Static variable in class org.springframework.security.ldap.SpringSecurityLdapTemplate

Every search results where a record is defined by a Map<String,String[]> contains at least this key - the DN of the record itself.

DO_BREAK_LINES - Static variable in class org.springframework.security.crypto.codec.Base64

Deprecated.

Do break lines when encoding.

doAfterPropertiesSet() - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

doAfterPropertiesSet() - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider

doAuthentication(UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider

doAuthentication(UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider

doAuthentication(UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.ldap.authentication.LdapAuthenticationProvider

doBuild() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Executes the build using the SecurityConfigurer's that have been applied using the following steps: Invokes AbstractConfiguredSecurityBuilder.beforeInit() for any subclass to hook into Invokes SecurityConfigurer.init(SecurityBuilder) for any SecurityConfigurer that was applied to this builder. Invokes AbstractConfiguredSecurityBuilder.beforeConfigure() for any subclass to hook into Invokes AbstractConfiguredSecurityBuilder.performBuild() which actually builds the Object

doBuild() - Method in class org.springframework.security.config.annotation.AbstractSecurityBuilder

Subclasses should implement this to perform the build.

doEndTag() - Method in class org.springframework.security.taglibs.authz.AuthenticationTag

doEndTag() - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag

Default processing of the end tag returning EVAL_PAGE.

doEndTag() - Method in class org.springframework.security.taglibs.csrf.CsrfMetaTagsTag

doesRequestMatch(HttpServletRequest, PortResolver) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest

Determines if the current request matches the DefaultSavedRequest.

doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.cas.web.CasGatewayAuthenticationRedirectFilter

doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.access.channel.ChannelProcessingFilter

doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter

doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter

doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor

Deprecated.

Method that is actually called by the filter chain.

doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Invokes the requiresAuthentication method to determine whether the request is for authentication and should be handled by this filter.

doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter

doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.logout.LogoutFilter

doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter

Try to authenticate a pre-authenticated user with Spring Security if the user has not yet been authenticated.

doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter

doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.ui.DefaultResourcesFilter

doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter

doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.context.SecurityContextHolderFilter

doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.context.SecurityContextPersistenceFilter

Deprecated.

doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.debug.DebugFilter

doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.FilterChainProxy

doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.jaasapi.JaasApiIntegrationFilter

Attempts to obtain and run as a JAAS Subject using JaasApiIntegrationFilter.obtainSubject(ServletRequest).

doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.savedrequest.RequestCacheAwareFilter

doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter

doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.session.ConcurrentSessionFilter

doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.session.SessionManagementFilter

doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter

doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter

doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter

Extract any Bearer Token from the request and attempt an authentication.

doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestFilter

doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseFilter

doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter

doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.saml2.provider.service.web.Saml2WebSsoAuthenticationRequestFilter

doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.AuthenticationFilter

doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.ott.GenerateOneTimeTokenFilter

doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter

doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.ui.DefaultOneTimeTokenSubmitPageGeneratingFilter

doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter

doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter

doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.csrf.CsrfFilter

doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.header.HeaderWriterFilter

doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.RequestMatcherRedirectFilter

doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.session.DisableEncodeUrlFilter

doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.session.ForceEagerSessionCreationFilter

doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.webauthn.authentication.PublicKeyCredentialRequestOptionsFilter

doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.webauthn.registration.DefaultWebAuthnRegistrationPageGeneratingFilter

doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.webauthn.registration.PublicKeyCredentialCreationOptionsFilter

doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.webauthn.registration.WebAuthnRegistrationFilter

doParse(Element, ParserContext, BeanDefinitionBuilder) - Method in class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser

doParse(Element, ParserContext, BeanDefinitionBuilder) - Method in class org.springframework.security.config.authentication.JdbcUserServiceBeanDefinitionParser

doParse(Element, ParserContext, BeanDefinitionBuilder) - Method in class org.springframework.security.config.authentication.UserServiceBeanDefinitionParser

doParse(Element, ParserContext, BeanDefinitionBuilder) - Method in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

doStartTag() - Method in class org.springframework.security.taglibs.authz.AccessControlListTag

doStartTag() - Method in class org.springframework.security.taglibs.authz.AuthenticationTag

doStartTag() - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag

Invokes the base class AbstractAuthorizeTag.authorize() method to decide if the body of the tag should be skipped or not.

E

EdDSA - Static variable in class org.springframework.security.web.webauthn.api.COSEAlgorithmIdentifier

EdDSA - Static variable in class org.springframework.security.web.webauthn.api.PublicKeyCredentialParameters

Elements - Class in org.springframework.security.config

Contains all the element names used by Spring Security 3 namespace support.

Elements() - Constructor for class org.springframework.security.config.Elements

ELRequestMatcher - Class in org.springframework.security.web.util.matcher

A RequestMatcher implementation which uses a SpEL expression

ELRequestMatcher(String) - Constructor for class org.springframework.security.web.util.matcher.ELRequestMatcher

email(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder

Use this email in the resulting OidcUserInfo

EMAIL - Static variable in class org.springframework.security.oauth2.core.oidc.OidcScopes

The email scope requests access to the email and email_verified claims.

EMAIL - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames

email - the user's preferred e-mail address

EMAIL_VERIFIED - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames

email_verified - true if the user's e-mail address has been verified, otherwise false

emailVerified(Boolean) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder

Use this verified-email indicator in the resulting OidcUserInfo

EMBEDDED_APACHE_DS - Static variable in class org.springframework.security.config.BeanIds

EMBEDDED_UNBOUNDID - Static variable in class org.springframework.security.config.BeanIds

EmbeddedLdapServerContainer - Interface in org.springframework.security.ldap.server

Provides lifecycle services for an embedded LDAP server.

EmbeddedLdapServerContextSourceFactoryBean - Class in org.springframework.security.config.ldap

Creates a DefaultSpringSecurityContextSource used to perform LDAP authentication and starts and in-memory LDAP server.

EmbeddedLdapServerContextSourceFactoryBean() - Constructor for class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean

EMBEDDER_POLICY - Static variable in class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter

ENABLED - Enum constant in enum class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue

ENABLED - Enum constant in enum class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter.HeaderValue

ENABLED_MODE_BLOCK - Enum constant in enum class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue

ENABLED_MODE_BLOCK - Enum constant in enum class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter.HeaderValue

enableDefaultTyping(ObjectMapper) - Static method in class org.springframework.security.jackson2.SecurityJackson2Modules

EnableGlobalAuthentication - Annotation Interface in org.springframework.security.config.annotation.authentication.configuration

The EnableGlobalAuthentication annotation signals that the annotated class can be used to configure a global instance of AuthenticationManagerBuilder.

enableGlobalAuthenticationAutowiredConfigurer(ApplicationContext) - Static method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration

EnableGlobalMethodSecurity - Annotation Interface in org.springframework.security.config.annotation.method.configuration

Deprecated.

Use EnableMethodSecurity instead

enableHttpSessionEventPublisher() - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer

Override this if HttpSessionEventPublisher should be added as a listener.

EnableMethodSecurity - Annotation Interface in org.springframework.security.config.annotation.method.configuration

Enables Spring Security Method Security.

EnableReactiveMethodSecurity - Annotation Interface in org.springframework.security.config.annotation.method.configuration

EnableRSocketSecurity - Annotation Interface in org.springframework.security.config.annotation.rsocket

Add this annotation to a Configuration class to have Spring Security RSocketSecurity support added.

enableSessionUrlRewriting(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer

If set to true, allows HTTP sessions to be rewritten in the URLs when using HttpServletResponse.encodeRedirectURL(String) or HttpServletResponse.encodeURL(String), otherwise disallows HTTP sessions to be included in the URL.

EnableWebFluxSecurity - Annotation Interface in org.springframework.security.config.annotation.web.reactive

Add this annotation to a Configuration class to have Spring Security WebFlux support added.

EnableWebMvcSecurity - Annotation Interface in org.springframework.security.config.annotation.web.servlet.configuration

Deprecated.

Use EnableWebSecurity instead which will automatically add the Spring MVC related Security items.

EnableWebSecurity - Annotation Interface in org.springframework.security.config.annotation.web.configuration

Add this annotation to an @Configuration class to have the Spring Security configuration defined in any WebSecurityConfigurer or more likely by exposing a SecurityFilterChain bean:

EnableWebSocketSecurity - Annotation Interface in org.springframework.security.config.annotation.web.socket

Allows configuring WebSocket Authorization.

encode(byte[]) - Static method in class org.springframework.security.crypto.codec.Base64

Deprecated.

encode(byte[]) - Static method in class org.springframework.security.crypto.codec.Hex

encode(CharSequence) - Method in class org.springframework.security.crypto.argon2.Argon2PasswordEncoder

encode(CharSequence) - Method in class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder

encode(CharSequence) - Static method in class org.springframework.security.crypto.codec.Utf8

Get the bytes of the String in UTF-8 encoded form.

encode(CharSequence) - Method in class org.springframework.security.crypto.password.AbstractPasswordEncoder

encode(CharSequence) - Method in class org.springframework.security.crypto.password.DelegatingPasswordEncoder

encode(CharSequence) - Method in class org.springframework.security.crypto.password.LdapShaPasswordEncoder

Deprecated.

Calculates the hash of password (and salt bytes, if supplied) and returns a base64 encoded concatenation of the hash and salt, prefixed with {SHA} (or {SSHA} if salt was used).

encode(CharSequence) - Method in class org.springframework.security.crypto.password.Md4PasswordEncoder

Deprecated.

Encodes the rawPass using a MessageDigest.

encode(CharSequence) - Method in class org.springframework.security.crypto.password.MessageDigestPasswordEncoder

Deprecated.

Encodes the rawPass using a MessageDigest.

encode(CharSequence) - Method in class org.springframework.security.crypto.password.NoOpPasswordEncoder

Deprecated.

encode(CharSequence) - Method in interface org.springframework.security.crypto.password.PasswordEncoder

Encode the raw password.

encode(CharSequence) - Method in class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder

encode(CharSequence) - Method in class org.springframework.security.crypto.password.StandardPasswordEncoder

Deprecated.

encode(CharSequence) - Method in class org.springframework.security.crypto.scrypt.SCryptPasswordEncoder

encode(CharSequence, byte[]) - Method in class org.springframework.security.crypto.password.AbstractPasswordEncoder

encode(Publisher<? extends BearerTokenMetadata>, DataBufferFactory, ResolvableType, MimeType, Map<String, Object>) - Method in class org.springframework.security.rsocket.metadata.BearerTokenAuthenticationEncoder

encode(Publisher<? extends UsernamePasswordMetadata>, DataBufferFactory, ResolvableType, MimeType, Map<String, Object>) - Method in class org.springframework.security.rsocket.metadata.BasicAuthenticationEncoder

Deprecated.

encode(Publisher<? extends UsernamePasswordMetadata>, DataBufferFactory, ResolvableType, MimeType, Map<String, Object>) - Method in class org.springframework.security.rsocket.metadata.SimpleAuthenticationEncoder

encode(JwtEncoderParameters) - Method in interface org.springframework.security.oauth2.jwt.JwtEncoder

Encode the JWT to it's compact claims representation format.

encode(JwtEncoderParameters) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtEncoder

ENCODE - Static variable in class org.springframework.security.crypto.codec.Base64

Deprecated.

Specify encoding in first bit.

encodeAndConcatenate(CharSequence, byte[]) - Method in class org.springframework.security.crypto.password.AbstractPasswordEncoder

encodeCookie(String[]) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

Inverse operation of decodeCookie.

encodeRedirectURL(String) - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper

Deprecated.

encodeURL(String) - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper

Deprecated.

encodeValue(BearerTokenMetadata, DataBufferFactory, ResolvableType, MimeType, Map<String, Object>) - Method in class org.springframework.security.rsocket.metadata.BearerTokenAuthenticationEncoder

encodeValue(UsernamePasswordMetadata, DataBufferFactory, ResolvableType, MimeType, Map<String, Object>) - Method in class org.springframework.security.rsocket.metadata.BasicAuthenticationEncoder

Deprecated.

encodeValue(UsernamePasswordMetadata, DataBufferFactory, ResolvableType, MimeType, Map<String, Object>) - Method in class org.springframework.security.rsocket.metadata.SimpleAuthenticationEncoder

EncodingUtils - Class in org.springframework.security.crypto.util

Static helper for encoding data.

encrypt(byte[]) - Method in class org.springframework.security.crypto.encrypt.AesBytesEncryptor

encrypt(byte[]) - Method in class org.springframework.security.crypto.encrypt.BouncyCastleAesCbcBytesEncryptor

encrypt(byte[]) - Method in class org.springframework.security.crypto.encrypt.BouncyCastleAesGcmBytesEncryptor

encrypt(byte[]) - Method in interface org.springframework.security.crypto.encrypt.BytesEncryptor

Encrypt the byte array.

encrypt(byte[]) - Method in class org.springframework.security.crypto.encrypt.RsaRawEncryptor

encrypt(byte[]) - Method in class org.springframework.security.crypto.encrypt.RsaSecretEncryptor

encrypt(String) - Method in class org.springframework.security.crypto.encrypt.RsaRawEncryptor

encrypt(String) - Method in class org.springframework.security.crypto.encrypt.RsaSecretEncryptor

encrypt(String) - Method in interface org.springframework.security.crypto.encrypt.TextEncryptor

Encrypt the raw text string.

encryption(X509Certificate) - Static method in class org.springframework.security.saml2.core.Saml2X509Credential

Create a Saml2X509Credential that can be used for encryption.

ENCRYPTION - Enum constant in enum class org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType

encryptionX509Credentials(Consumer<Collection<Saml2X509Credential>>) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder

Apply this Consumer to the list of Saml2X509Credentials

encryptionX509Credentials(Consumer<Collection<Saml2X509Credential>>) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder

Apply this Consumer to the list of Saml2X509Credentials

encryptionX509Credentials(Consumer<Collection<Saml2X509Credential>>) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder

Apply this Consumer to the list of Saml2X509Credentials

Encryptors - Class in org.springframework.security.crypto.encrypt

Factory for commonly used encryptors.

ENTERPRISE - Static variable in class org.springframework.security.web.webauthn.api.AttestationConveyancePreference

The enterprise preference indicates that the Relying Party wants to receive an attestation statement that may include uniquely identifying information.

entityId(String) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder

Set the asserting party's EntityID.

entityId(String) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder

Set the asserting party's EntityID.

entityId(String) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder

Deprecated.

entityId(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder

Set the asserting party's EntityID.

entityId(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder

Set the relying party's EntityID.

Enumerator<T> - Class in org.springframework.security.web.savedrequest

Adapter that wraps an Enumeration around a Java 2 collection Iterator.

Enumerator(Collection<T>) - Constructor for class org.springframework.security.web.savedrequest.Enumerator

Return an Enumeration over the values of the specified Collection.

Enumerator(Collection<T>, boolean) - Constructor for class org.springframework.security.web.savedrequest.Enumerator

Return an Enumeration over the values of the specified Collection.

Enumerator(Iterator<T>) - Constructor for class org.springframework.security.web.savedrequest.Enumerator

Return an Enumeration over the values returned by the specified Iterator.

Enumerator(Iterator<T>, boolean) - Constructor for class org.springframework.security.web.savedrequest.Enumerator

Return an Enumeration over the values returned by the specified Iterator.

Enumerator(Map<?, T>) - Constructor for class org.springframework.security.web.savedrequest.Enumerator

Return an Enumeration over the values of the specified Map.

Enumerator(Map<?, T>, boolean) - Constructor for class org.springframework.security.web.savedrequest.Enumerator

Return an Enumeration over the values of the specified Map.

equals(Object) - Method in class org.springframework.security.access.SecurityConfig

equals(Object) - Method in class org.springframework.security.acls.domain.AbstractPermission

equals(Object) - Method in class org.springframework.security.acls.domain.AccessControlEntryImpl

equals(Object) - Method in class org.springframework.security.acls.domain.AclImpl

equals(Object) - Method in class org.springframework.security.acls.domain.GrantedAuthoritySid

equals(Object) - Method in class org.springframework.security.acls.domain.ObjectIdentityImpl

Important so caching operates properly.

equals(Object) - Method in class org.springframework.security.acls.domain.PrincipalSid

equals(Object) - Method in interface org.springframework.security.acls.model.ObjectIdentity

equals(Object) - Method in interface org.springframework.security.acls.model.Sid

Refer to the java.lang.Object documentation for the interface contract.

equals(Object) - Method in class org.springframework.security.authentication.AbstractAuthenticationToken

equals(Object) - Method in class org.springframework.security.authentication.AnonymousAuthenticationToken

equals(Object) - Method in class org.springframework.security.authentication.jaas.JaasGrantedAuthority

equals(Object) - Method in class org.springframework.security.authentication.RememberMeAuthenticationToken

equals(Object) - Method in class org.springframework.security.cas.authentication.CasAuthenticationToken

equals(Object) - Method in class org.springframework.security.core.authority.SimpleGrantedAuthority

equals(Object) - Method in class org.springframework.security.core.context.SecurityContextImpl

equals(Object) - Method in class org.springframework.security.core.token.DefaultToken

equals(Object) - Method in class org.springframework.security.core.userdetails.User

Returns true if the supplied object is a User instance with the same username value.

equals(Object) - Method in class org.springframework.security.ldap.userdetails.LdapAuthority

Compares the LdapAuthority based on LdapAuthority.getAuthority() and LdapAuthority.getDn() values.

equals(Object) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl

equals(Object) - Method in class org.springframework.security.messaging.util.matcher.SimpMessageTypeMatcher

equals(Object) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientId

equals(Object) - Method in class org.springframework.security.oauth2.core.AbstractOAuth2Token

equals(Object) - Method in class org.springframework.security.oauth2.core.AuthenticationMethod

equals(Object) - Method in class org.springframework.security.oauth2.core.AuthorizationGrantType

equals(Object) - Method in class org.springframework.security.oauth2.core.ClientAuthenticationMethod

equals(Object) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType

equals(Object) - Method in class org.springframework.security.oauth2.core.OAuth2AccessToken.TokenType

equals(Object) - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim

equals(Object) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo

equals(Object) - Method in class org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority

equals(Object) - Method in class org.springframework.security.oauth2.core.user.DefaultOAuth2User

equals(Object) - Method in class org.springframework.security.oauth2.core.user.OAuth2UserAuthority

equals(Object) - Method in class org.springframework.security.saml2.core.Saml2X509Credential

equals(Object) - Method in class org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal

equals(Object) - Method in class org.springframework.security.util.InMemoryResource

equals(Object) - Method in class org.springframework.security.web.access.intercept.RequestKey

equals(Object) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority

equals(Object) - Method in class org.springframework.security.web.authentication.WebAuthenticationDetails

equals(Object) - Method in class org.springframework.security.web.header.Header

equals(Object) - Method in class org.springframework.security.web.server.csrf.DefaultCsrfToken

equals(Object) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher

equals(Object) - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher

equals(Object) - Method in class org.springframework.security.web.util.matcher.AnyRequestMatcher

equals(Object) - Method in class org.springframework.security.web.webauthn.api.Bytes

equalTo(Function<Authentication, String>) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl.AuthorizedUrlVariable

Compares the value of a path variable in the URI with an `Authentication` attribute

eraseCredentials() - Method in class org.springframework.security.authentication.AbstractAuthenticationToken

Checks the credentials, principal and details objects, invoking the eraseCredentials method on any which implement CredentialsContainer.

eraseCredentials() - Method in class org.springframework.security.authentication.UsernamePasswordAuthenticationToken

eraseCredentials() - Method in class org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken

eraseCredentials() - Method in interface org.springframework.security.core.CredentialsContainer

eraseCredentials() - Method in class org.springframework.security.core.userdetails.User

eraseCredentials() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl

eraseCredentials(boolean) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder

error(String) - Static method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse

Returns a new OAuth2AuthorizationResponse.Builder, initialized with the error code.

ERROR - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

error - used in Authorization Response and Access Token Response.

ERROR_DESCRIPTION - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

error_description - used in Authorization Response and Access Token Response.

ERROR_PARAMETER_NAME - Static variable in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

ERROR_URI - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

error_uri - used in Authorization Response and Access Token Response.

errorCode(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse.Builder

Sets the error code.

errorConverter - Variable in class org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter

errorDescription(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse.Builder

Sets the error description.

errorOnInvalidType() - Element in annotation interface org.springframework.security.core.annotation.AuthenticationPrincipal

True if a ClassCastException should be thrown when the current Authentication.getPrincipal() is the incorrect type.

errorOnInvalidType() - Element in annotation interface org.springframework.security.core.annotation.CurrentSecurityContext

True if a ClassCastException should be thrown when the current SecurityContext is the incorrect type.

errorOnInvalidType() - Element in annotation interface org.springframework.security.web.bind.annotation.AuthenticationPrincipal

Deprecated.

True if a ClassCastException should be thrown when the current Authentication.getPrincipal() is the incorrect type.

errorParametersConverter - Variable in class org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter

errors(Consumer<Collection<Saml2Error>>) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult.Builder

errorUri(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse.Builder

Sets the error uri.

ES256 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm

ECDSA using P-256 and SHA-256 (Recommended+)

ES256 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms

ECDSA using P-256 and SHA-256 (Recommended+)

ES256 - Static variable in class org.springframework.security.web.webauthn.api.COSEAlgorithmIdentifier

ES256 - Static variable in class org.springframework.security.web.webauthn.api.PublicKeyCredentialParameters

ES384 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm

ECDSA using P-384 and SHA-384 (Optional)

ES384 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms

ECDSA using P-384 and SHA-384 (Optional)

ES384 - Static variable in class org.springframework.security.web.webauthn.api.COSEAlgorithmIdentifier

ES384 - Static variable in class org.springframework.security.web.webauthn.api.PublicKeyCredentialParameters

ES512 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm

ECDSA using P-521 and SHA-512 (Optional)

ES512 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms

ECDSA using P-521 and SHA-512 (Optional)

ES512 - Static variable in class org.springframework.security.web.webauthn.api.COSEAlgorithmIdentifier

ES512 - Static variable in class org.springframework.security.web.webauthn.api.PublicKeyCredentialParameters

escapeEntities(String) - Static method in class org.springframework.security.web.util.TextEscapeUtils

Essence() - Constructor for class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence

Essence() - Constructor for class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence

Essence() - Constructor for class org.springframework.security.ldap.userdetails.Person.Essence

Essence(DirContextOperations) - Constructor for class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence

Essence(DirContextOperations) - Constructor for class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence

Essence(DirContextOperations) - Constructor for class org.springframework.security.ldap.userdetails.Person.Essence

Essence(InetOrgPerson) - Constructor for class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence

Essence(LdapUserDetails) - Constructor for class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence

Essence(Person) - Constructor for class org.springframework.security.ldap.userdetails.Person.Essence

evalOrSkip(boolean) - Static method in class org.springframework.security.taglibs.TagLibConfig

Returns EVAL_BODY_INCLUDE if the authorized flag is true or UI security has been disabled.

evaluateAsBoolean(Expression, EvaluationContext) - Static method in class org.springframework.security.access.expression.ExpressionUtils

eventPublisher - Variable in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

events(Map<String, Object>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder

A JSON object that identifies this token as a logout token

EVENTS - Static variable in class org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimNames

events - a JSON object that identifies this token as a logout token

evictFromCache(Serializable) - Method in class org.springframework.security.acls.domain.SpringCacheBasedAclCache

evictFromCache(Serializable) - Method in interface org.springframework.security.acls.model.AclCache

evictFromCache(ObjectIdentity) - Method in class org.springframework.security.acls.domain.SpringCacheBasedAclCache

evictFromCache(ObjectIdentity) - Method in interface org.springframework.security.acls.model.AclCache

EXCEPTION_TRANSLATION - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder

exceptionHandling() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HttpSecurity.exceptionHandling(Customizer) or exceptionHandling(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

exceptionHandling() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.exceptionHandling(Customizer) or exceptionHandling(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

exceptionHandling(Customizer<ExceptionHandlingConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows configuring exception handling.

exceptionHandling(Customizer<ServerHttpSecurity.ExceptionHandlingSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures exception handling (i.e.

ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Adds exception handling for Spring Security related exceptions to an application.

ExceptionHandlingConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer

Creates a new instance

ExceptionMappingAuthenticationFailureHandler - Class in org.springframework.security.web.authentication

Uses the internal map of exceptions types to URLs to determine the destination on authentication failure.

ExceptionMappingAuthenticationFailureHandler() - Constructor for class org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler

ExceptionTranslationFilter - Class in org.springframework.security.web.access

Handles any AccessDeniedException and AuthenticationException thrown within the filter chain.

ExceptionTranslationFilter(AuthenticationEntryPoint) - Constructor for class org.springframework.security.web.access.ExceptionTranslationFilter

ExceptionTranslationFilter(AuthenticationEntryPoint, RequestCache) - Constructor for class org.springframework.security.web.access.ExceptionTranslationFilter

ExceptionTranslationWebFilter - Class in org.springframework.security.web.server.authorization

ExceptionTranslationWebFilter() - Constructor for class org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter

ExchangeMatcherRedirectWebFilter - Class in org.springframework.security.web.server

Web filter that redirects requests that match ServerWebExchangeMatcher to the specified URL.

ExchangeMatcherRedirectWebFilter(ServerWebExchangeMatcher, String) - Constructor for class org.springframework.security.web.server.ExchangeMatcherRedirectWebFilter

Create and initialize an instance of the web filter.

excludeCredentials(List<PublicKeyCredentialDescriptor>) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder

Sets the PublicKeyCredentialCreationOptions.getExcludeCredentials() property.

execute(Runnable) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutor

execute(Runnable, long) - Method in class org.springframework.security.task.DelegatingSecurityContextAsyncTaskExecutor

EXECUTION_CONTEXTS - Enum constant in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive

EXECUTION_CONTEXTS - Enum constant in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive

exitSwitchUser(WebFilterExchange) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter

Attempt to exit from an already switched user.

EXP - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames

exp - A timestamp indicating when the token expires

EXP - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames

exp - the Expiration time on or after which the ID Token MUST NOT be accepted

EXP - Static variable in class org.springframework.security.oauth2.jwt.JwtClaimNames

exp - the Expiration time claim identifies the expiration time on or after which the JWT MUST NOT be accepted for processing

expiredSessionStrategy(SessionInformationExpiredStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer

Determines the behaviour when an expired session is detected.

expiredUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer

The URL to redirect to if a user tries to access a resource and their session has been expired due to too many sessions for the current user.

expireNow() - Method in class org.springframework.security.core.session.SessionInformation

EXPIRES_IN - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

expires_in - used in Authorization Response and Access Token Response.

EXPIRES_VALUE - Static variable in class org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter

The value for expires value

expiresAt(Instant) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder

Use this expiration in the resulting OidcIdToken

expiresAt(Instant) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder

Use this expiration in the resulting Jwt

expiresAt(Instant) - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder

Sets the expiration time (exp) claim, which identifies the time on or after which the JWT MUST NOT be accepted for processing.

expiresIn(long) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse.Builder

Sets the lifetime (in seconds) of the access token.

expiresIn(long) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse.Builder

Sets the lifetime (in seconds) of the device code and user code.

exportTestSecurityContext() - Static method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultHandlers

Exports the SecurityContext from TestSecurityContextHolder to SecurityContextHolder

expression() - Element in annotation interface org.springframework.security.core.annotation.AuthenticationPrincipal

If specified will use the provided SpEL expression to resolve the principal.

expression() - Element in annotation interface org.springframework.security.core.annotation.CurrentSecurityContext

If specified, will use the provided SpEL expression to resolve the security context.

EXPRESSION_HANDLER - Static variable in class org.springframework.security.config.Elements

ExpressionAttributeAuthorizationDecision - Class in org.springframework.security.authorization.method

Deprecated.

Use ExpressionAuthorizationDecision instead

ExpressionAttributeAuthorizationDecision(boolean, ExpressionAttribute) - Constructor for class org.springframework.security.authorization.method.ExpressionAttributeAuthorizationDecision

Deprecated.

ExpressionAuthorizationDecision - Class in org.springframework.security.authorization

Represents an AuthorizationDecision based on a Expression

ExpressionAuthorizationDecision(boolean, Expression) - Constructor for class org.springframework.security.authorization.ExpressionAuthorizationDecision

ExpressionBasedAnnotationAttributeFactory - Class in org.springframework.security.access.expression.method

Deprecated.

Use AuthorizationManager interceptors instead

ExpressionBasedAnnotationAttributeFactory(MethodSecurityExpressionHandler) - Constructor for class org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory

Deprecated.

ExpressionBasedFilterInvocationSecurityMetadataSource - Class in org.springframework.security.web.access.expression

Expression-based FilterInvocationSecurityMetadataSource.

ExpressionBasedFilterInvocationSecurityMetadataSource(LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>, SecurityExpressionHandler<FilterInvocation>) - Constructor for class org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource

ExpressionBasedMessageSecurityMetadataSourceFactory - Class in org.springframework.security.messaging.access.expression

Deprecated.

Use MessageMatcherDelegatingAuthorizationManager instead

ExpressionBasedPostInvocationAdvice - Class in org.springframework.security.access.expression.method

Deprecated.

Use AuthorizationManagerAfterMethodInterceptor instead

ExpressionBasedPostInvocationAdvice(MethodSecurityExpressionHandler) - Constructor for class org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice

Deprecated.

ExpressionBasedPreInvocationAdvice - Class in org.springframework.security.access.expression.method

Deprecated.

Use AuthorizationManagerAfterMethodInterceptor instead

ExpressionBasedPreInvocationAdvice() - Constructor for class org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice

Deprecated.

expressionHandler(SecurityExpressionHandler<Message<Object>>) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry

Deprecated.

The SecurityExpressionHandler to be used.

expressionHandler(SecurityExpressionHandler<FilterInvocation>) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity

Set the SecurityExpressionHandler to be used.

expressionHandler(SecurityExpressionHandler<FilterInvocation>) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry

Deprecated.

Allows customization of the SecurityExpressionHandler to be used.

ExpressionJwtGrantedAuthoritiesConverter - Class in org.springframework.security.oauth2.server.resource.authentication

Uses an expression for extracting the token claim value to use for mapping authorities.

ExpressionJwtGrantedAuthoritiesConverter(Expression) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.ExpressionJwtGrantedAuthoritiesConverter

Constructs a ExpressionJwtGrantedAuthoritiesConverter using the provided authoritiesClaimExpression.

ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Deprecated.

Use AuthorizeHttpRequestsConfigurer instead

ExpressionUrlAuthorizationConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer

Deprecated.

Creates a new instance

ExpressionUrlAuthorizationConfigurer.AuthorizedUrl - Class in org.springframework.security.config.annotation.web.configurers

Deprecated.

ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry - Class in org.springframework.security.config.annotation.web.configurers

Deprecated.

ExpressionUtils - Class in org.springframework.security.access.expression

EXTENSION_ID - Static variable in class org.springframework.security.web.webauthn.api.CredentialPropertiesOutput

The extension id.

extensions(AuthenticationExtensionsClientInputs) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder

Sets the PublicKeyCredentialCreationOptions.getExtensions() property.

extensions(AuthenticationExtensionsClientInputs) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions.PublicKeyCredentialRequestOptionsBuilder

Sets the PublicKeyCredentialRequestOptions.getExtensions() property

extractAttributes(A) - Method in interface org.springframework.security.access.annotation.AnnotationMetadataExtractor

Deprecated.

extractAttributes(HttpSession) - Method in class org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy

Called to extract the existing attributes from the session, prior to invalidating it.

extractCause(Throwable) - Method in interface org.springframework.security.web.util.ThrowableCauseExtractor

Extracts the cause from the provided Throwable.

extractControl(DirContext) - Static method in class org.springframework.security.ldap.ppolicy.PasswordPolicyControlExtractor

extractPathVariables(Message<?>) - Method in class org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher

extractPrincipal(X509Certificate) - Method in class org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor

extractPrincipal(X509Certificate) - Method in interface org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor

Returns the principal (usually a String) for the given certificate.

extractRememberMeCookie(HttpServletRequest) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

Locates the Spring Security remember me cookie in the request and returns its value.

extractUriTemplateVariables(HttpServletRequest) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher

Deprecated.

extractUriTemplateVariables(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher

Deprecated.

extractUriTemplateVariables(HttpServletRequest) - Method in interface org.springframework.security.web.util.matcher.RequestVariablesExtractor

Deprecated.

Extract URL template variables from the request.

F

FACEBOOK - Enum constant in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider

factory() - Element in annotation interface org.springframework.security.test.context.support.WithSecurityContext

The WithUserDetailsSecurityContextFactory to use to create the SecurityContext.

failure(Collection<OAuth2Error>) - Static method in class org.springframework.security.oauth2.core.OAuth2TokenValidatorResult

Construct a failure OAuth2TokenValidatorResult with the provided detail

failure(Collection<Saml2Error>) - Static method in class org.springframework.security.saml2.core.Saml2ResponseValidatorResult

Construct a failure Saml2ResponseValidatorResult with the provided detail

failure(OAuth2Error...) - Static method in class org.springframework.security.oauth2.core.OAuth2TokenValidatorResult

Construct a failure OAuth2TokenValidatorResult with the provided detail

failure(Saml2Error...) - Static method in class org.springframework.security.saml2.core.Saml2ResponseValidatorResult

Construct a failure Saml2ResponseValidatorResult with the provided detail

failureForwardUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer

Forward Authentication Failure Handler

failureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Specifies the AuthenticationFailureHandler to use when authentication fails.

failureUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

The URL to send users if authentication fails.

FAMILY_NAME - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames

family_name - the user's surname(s) or last name(s)

familyName(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder

Use this family name in the resulting OidcUserInfo

FastHttpDateFormat - Class in org.springframework.security.web.savedrequest

Utility class to generate HTTP dates.

FEATURE_POLICY - Static variable in class org.springframework.security.web.server.header.FeaturePolicyServerHttpHeadersWriter

featurePolicy(String) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Deprecated.

For removal in 7.0. Use HeadersConfigurer.permissionsPolicy(Customizer) or permissionsPolicy(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

featurePolicy(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Deprecated.

For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.permissionsPolicy(Customizer) instead.

FeaturePolicyHeaderWriter - Class in org.springframework.security.web.header.writers

Provides support for Feature Policy.

FeaturePolicyHeaderWriter(String) - Constructor for class org.springframework.security.web.header.writers.FeaturePolicyHeaderWriter

Create a new instance of FeaturePolicyHeaderWriter with supplied security policy directive(s).

FeaturePolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header

Writes the Feature-Policy response header with configured policy directives.

FeaturePolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.FeaturePolicyServerHttpHeadersWriter

FieldUtils - Class in org.springframework.security.util

Offers static methods for directly manipulating fields.

filter(Object, Expression, EvaluationContext) - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler

Filters the filterTarget object (which must be either a Collection, Array, Map or Stream), by evaluating the supplied expression.

filter(Object, Expression, EvaluationContext) - Method in interface org.springframework.security.access.expression.method.MethodSecurityExpressionHandler

Filters a target collection or array.

filter(ClientRequest, ExchangeFunction) - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction

filter(ClientRequest, ExchangeFunction) - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction

filter(ClientRequest, ExchangeFunction) - Method in class org.springframework.security.oauth2.server.resource.web.reactive.function.client.ServerBearerExchangeFilterFunction

filter(ClientRequest, ExchangeFunction) - Method in class org.springframework.security.oauth2.server.resource.web.reactive.function.client.ServletBearerExchangeFilterFunction

filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationCodeGrantWebFilter

filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter

filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilter

filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter

filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authentication.logout.LogoutWebFilter

filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authentication.ott.GenerateOneTimeTokenWebFilter

filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter

filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authorization.AuthorizationWebFilter

filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter

filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.context.ReactorContextWebFilter

filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter

filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.csrf.CsrfWebFilter

filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.ExchangeMatcherRedirectWebFilter

filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.header.HttpHeaderWriterWebFilter

filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.savedrequest.ServerRequestCacheWebFilter

filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.transport.HttpsRedirectWebFilter

filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.ui.DefaultResourcesWebFilter

filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter

filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.ui.LogoutPageGeneratingWebFilter

filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.ui.OneTimeTokenSubmitPageGeneratingWebFilter

filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.WebFilterChainProxy

FILTER_CHAIN - Static variable in class org.springframework.security.config.Elements

FILTER_CHAIN_MAP - Static variable in class org.springframework.security.config.Elements

FILTER_CHAIN_PROXY - Static variable in class org.springframework.security.config.BeanIds

FILTER_CHAINS - Static variable in class org.springframework.security.config.BeanIds

FILTER_SECURITY_METADATA_SOURCE - Static variable in class org.springframework.security.config.Elements

FilterBasedLdapUserSearch - Class in org.springframework.security.ldap.search

LdapUserSearch implementation which uses an Ldap filter to locate the user.

FilterBasedLdapUserSearch(String, String, BaseLdapPathContextSource) - Constructor for class org.springframework.security.ldap.search.FilterBasedLdapUserSearch

FilterChainBeanDefinitionParser - Class in org.springframework.security.config.http

FilterChainBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.FilterChainBeanDefinitionParser

FilterChainDecoratorFactory() - Constructor for class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.FilterChainDecoratorFactory

FilterChainMapBeanDefinitionDecorator - Class in org.springframework.security.config.http

Sets the filter chain Map for a FilterChainProxy bean declaration.

FilterChainMapBeanDefinitionDecorator() - Constructor for class org.springframework.security.config.http.FilterChainMapBeanDefinitionDecorator

FilterChainProxy - Class in org.springframework.security.web

Delegates Filter requests to a list of Spring-managed filter beans.

FilterChainProxy() - Constructor for class org.springframework.security.web.FilterChainProxy

FilterChainProxy(List<SecurityFilterChain>) - Constructor for class org.springframework.security.web.FilterChainProxy

FilterChainProxy(SecurityFilterChain) - Constructor for class org.springframework.security.web.FilterChainProxy

FilterChainProxy.FilterChainDecorator - Interface in org.springframework.security.web

A strategy for decorating the provided filter chain with one that accounts for the SecurityFilterChain for a given request.

FilterChainProxy.FilterChainValidator - Interface in org.springframework.security.web

FilterChainProxy.VirtualFilterChainDecorator - Class in org.springframework.security.web

A FilterChainProxy.FilterChainDecorator that uses the FilterChainProxy.VirtualFilterChain

FilterInvocation - Class in org.springframework.security.web

Holds objects associated with a HTTP filter.

FilterInvocation(ServletRequest, ServletResponse, FilterChain) - Constructor for class org.springframework.security.web.FilterInvocation

FilterInvocation(String, String) - Constructor for class org.springframework.security.web.FilterInvocation

FilterInvocation(String, String, String) - Constructor for class org.springframework.security.web.FilterInvocation

FilterInvocation(String, String, String, ServletContext) - Constructor for class org.springframework.security.web.FilterInvocation

FilterInvocation(String, String, String, String, String) - Constructor for class org.springframework.security.web.FilterInvocation

FilterInvocation(String, String, String, String, String, ServletContext) - Constructor for class org.springframework.security.web.FilterInvocation

FilterInvocationSecurityMetadataSource - Interface in org.springframework.security.web.access.intercept

Marker interface for SecurityMetadataSource implementations that are designed to perform lookups keyed on FilterInvocations.

FilterInvocationSecurityMetadataSourceParser - Class in org.springframework.security.config.http

Deprecated.

Use `use-authorization-manager` property instead

FilterInvocationSecurityMetadataSourceParser() - Constructor for class org.springframework.security.config.http.FilterInvocationSecurityMetadataSourceParser

Deprecated.

FilterSecurityInterceptor - Class in org.springframework.security.web.access.intercept

Deprecated.

Use AuthorizationFilter instead

FilterSecurityInterceptor() - Constructor for class org.springframework.security.web.access.intercept.FilterSecurityInterceptor

Deprecated.

filterSecurityInterceptorOncePerRequest(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer.AbstractInterceptUrlRegistry

Deprecated.

Allows setting if the FilterSecurityInterceptor should be only applied once per request (i.e.

filterTarget() - Element in annotation interface org.springframework.security.access.prepost.PreFilter

finallyInvocation(InterceptorStatusToken) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor

Deprecated.

Cleans up the work of the AbstractSecurityInterceptor after the secure object invocation has been completed.

findAllGroups() - Method in interface org.springframework.security.provisioning.GroupManager

Returns the names of all groups that this group manager controls.

findAllGroups() - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

findAttributes(Class<?>) - Method in class org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource

Deprecated.

findAttributes(Class<?>) - Method in class org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource

Deprecated.

findAttributes(Class<?>) - Method in class org.springframework.security.access.method.AbstractFallbackMethodSecurityMetadataSource

Deprecated.

Obtains the security metadata registered against the specified class.

findAttributes(Class<?>) - Method in class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource

Deprecated.

Implementation does not support class-level attributes.

findAttributes(Method, Class<?>) - Method in class org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource

Deprecated.

findAttributes(Method, Class<?>) - Method in class org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource

Deprecated.

findAttributes(Method, Class<?>) - Method in class org.springframework.security.access.method.AbstractFallbackMethodSecurityMetadataSource

Deprecated.

Obtains the security metadata applicable to the specified method invocation.

findAttributes(Method, Class<?>) - Method in class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource

Deprecated.

Will walk the method inheritance tree to find the most specific declaration applicable.

findByCredentialId(Bytes) - Method in class org.springframework.security.web.webauthn.management.MapUserCredentialRepository

findByCredentialId(Bytes) - Method in interface org.springframework.security.web.webauthn.management.UserCredentialRepository

Finds an entry by credential id.

findByEntityId(String) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadataRepository

Retrieve an AssertingPartyMetadata by its EntityID.

findById(Bytes) - Method in class org.springframework.security.web.webauthn.management.MapPublicKeyCredentialUserEntityRepository

findById(Bytes) - Method in interface org.springframework.security.web.webauthn.management.PublicKeyCredentialUserEntityRepository

Finds the PublicKeyCredentialUserEntity by PublicKeyCredentialUserEntity.getId()

findByRegistrationId(String) - Method in interface org.springframework.security.oauth2.client.registration.ClientRegistrationRepository

Returns the client registration identified by the provided registrationId, or null if not found.

findByRegistrationId(String) - Method in class org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository

findByRegistrationId(String) - Method in class org.springframework.security.oauth2.client.registration.InMemoryReactiveClientRegistrationRepository

findByRegistrationId(String) - Method in interface org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository

Returns the client registration identified by the provided registrationId, or null if not found.

findByRegistrationId(String) - Method in class org.springframework.security.oauth2.client.registration.SupplierClientRegistrationRepository

findByRegistrationId(String) - Method in class org.springframework.security.saml2.provider.service.registration.CachingRelyingPartyRegistrationRepository

Returns the relying party registration identified by the provided registrationId, or null if not found.

findByRegistrationId(String) - Method in class org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository

findByRegistrationId(String) - Method in interface org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository

Returns the relying party registration identified by the provided registrationId, or null if not found.

findByUserId(Bytes) - Method in class org.springframework.security.web.webauthn.management.MapUserCredentialRepository

findByUserId(Bytes) - Method in interface org.springframework.security.web.webauthn.management.UserCredentialRepository

Finds all CredentialRecord instances for a specific user.

findByUsername(String) - Method in class org.springframework.security.core.userdetails.MapReactiveUserDetailsService

findByUsername(String) - Method in interface org.springframework.security.core.userdetails.ReactiveUserDetailsService

Find the UserDetails by username.

findByUsername(String) - Method in class org.springframework.security.web.webauthn.management.MapPublicKeyCredentialUserEntityRepository

findByUsername(String) - Method in interface org.springframework.security.web.webauthn.management.PublicKeyCredentialUserEntityRepository

Finds the PublicKeyCredentialUserEntity by the username.

findChildren(ObjectIdentity) - Method in class org.springframework.security.acls.jdbc.JdbcAclService

findChildren(ObjectIdentity) - Method in interface org.springframework.security.acls.model.AclService

Locates all object identities that use the specified parent.

findGroupAuthorities(String) - Method in interface org.springframework.security.provisioning.GroupManager

Obtains the list of authorities which are assigned to a group.

findGroupAuthorities(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

findRequiredWebApplicationContext(ServletContext) - Static method in class org.springframework.security.web.context.support.SecurityWebApplicationContextUtils

Find a unique WebApplicationContext for this web app: either the root web app context (preferred) or a unique WebApplicationContext among the registered ServletContext attributes (typically coming from a single DispatcherServlet in the current web application).

findUniqueByAssertingPartyEntityId(String) - Method in class org.springframework.security.saml2.provider.service.registration.CachingRelyingPartyRegistrationRepository

findUniqueByAssertingPartyEntityId(String) - Method in class org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository

findUniqueByAssertingPartyEntityId(String) - Method in interface org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository

Returns the unique relying party registration associated with the asserting party's entityId or null if there is no unique match.

findUsersInGroup(String) - Method in interface org.springframework.security.provisioning.GroupManager

Locates the users who are members of a group

findUsersInGroup(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

FIRE_AND_FORGET - Enum constant in enum class org.springframework.security.rsocket.api.PayloadExchangeType

A Fire and Forget exchange.

FirewalledRequest - Class in org.springframework.security.web.firewall

Request wrapper which is returned by the HttpFirewall interface.

FirewalledRequest(HttpServletRequest) - Constructor for class org.springframework.security.web.firewall.FirewalledRequest

Constructs a request object wrapping the given request.

FIRST - Enum constant in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder

FIRST - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder

flushBuffer() - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper

Makes sure OnCommittedResponseWrapper.onResponseCommitted() is invoked before calling the superclass flushBuffer()

ForceEagerSessionCreationFilter - Class in org.springframework.security.web.session

Eagerly creates HttpSession if it does not already exist.

ForceEagerSessionCreationFilter() - Constructor for class org.springframework.security.web.session.ForceEagerSessionCreationFilter

forEach(Consumer<? super RelyingPartyRegistration>) - Method in class org.springframework.security.saml2.provider.service.registration.CachingRelyingPartyRegistrationRepository

FORM - Static variable in class org.springframework.security.oauth2.core.AuthenticationMethod

FORM_LOGIN - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder

Instance of AuthenticationWebFilter

FORM_LOGIN - Static variable in class org.springframework.security.config.Elements

format - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat

HTTP date format.

formatCache - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat

Formatter cache.

formatDate(long, DateFormat) - Static method in class org.springframework.security.web.savedrequest.FastHttpDateFormat

Formats a specified date to HTTP format.

formats - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat

The set of SimpleDateFormat formats to use in getDateHeader().

formatted(String) - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder

Sets the full mailing address, formatted for display.

formLogin() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HttpSecurity.formLogin(Customizer) or formLogin(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

formLogin() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.formLogin(Customizer) or formLogin(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

formLogin() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders

Creates a request (including any necessary CsrfToken) that will submit a form based login to POST "/login".

formLogin(String) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders

Creates a request (including any necessary CsrfToken) that will submit a form based login to POST loginProcessingUrl.

formLogin(Customizer<FormLoginConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Specifies to support form based authentication.

formLogin(Customizer<ServerHttpSecurity.FormLoginSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures form based authentication.

FormLoginBeanDefinitionParser - Class in org.springframework.security.config.http

FormLoginConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Adds form based authentication.

FormLoginConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer

Creates a new instance

ForwardAuthenticationFailureHandler - Class in org.springframework.security.web.authentication

Forward Authentication Failure Handler

ForwardAuthenticationFailureHandler(String) - Constructor for class org.springframework.security.web.authentication.ForwardAuthenticationFailureHandler

ForwardAuthenticationSuccessHandler - Class in org.springframework.security.web.authentication

Forward Authentication Success Handler

ForwardAuthenticationSuccessHandler(String) - Constructor for class org.springframework.security.web.authentication.ForwardAuthenticationSuccessHandler

ForwardLogoutSuccessHandler - Class in org.springframework.security.web.authentication.logout

LogoutSuccessHandler implementation that will perform a request dispatcher "forward" to the specified target URL.

ForwardLogoutSuccessHandler(String) - Constructor for class org.springframework.security.web.authentication.logout.ForwardLogoutSuccessHandler

Construct a new ForwardLogoutSuccessHandler with the given target URL.

frameOptions() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HeadersConfigurer.frameOptions(Customizer) or frameOptions(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

frameOptions() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.frameOptions(Customizer) or frameOptions(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

frameOptions(Customizer<HeadersConfigurer.FrameOptionsConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Allows customizing the XFrameOptionsHeaderWriter.

frameOptions(Customizer<ServerHttpSecurity.HeaderSpec.FrameOptionsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures frame options response headers

from(String) - Static method in enum class org.springframework.security.oauth2.jose.jws.MacAlgorithm

Attempt to resolve the provided algorithm name to a MacAlgorithm.

from(String) - Static method in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm

Attempt to resolve the provided algorithm name to a SignatureAlgorithm.

from(String) - Static method in enum class org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding

Attempt to resolve the provided algorithm name to a Saml2MessageBinding.

from(String) - Static method in enum class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy

from(String) - Static method in enum class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy

from(String) - Static method in enum class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy

from(String) - Static method in enum class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue

from(OAuth2AuthorizationRequest) - Static method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest

Returns a new OAuth2AuthorizationRequest.Builder, initialized with the values from the provided authorizationRequest.

from(JwsHeader) - Static method in class org.springframework.security.oauth2.jwt.JwsHeader

Returns a new JwsHeader.Builder, initialized with the provided headers.

from(JwsHeader, JwtClaimsSet) - Static method in class org.springframework.security.oauth2.jwt.JwtEncoderParameters

Returns a new JwtEncoderParameters, initialized with the provided JwsHeader and JwtClaimsSet.

from(JwtClaimsSet) - Static method in class org.springframework.security.oauth2.jwt.JwtClaimsSet

Returns a new JwtClaimsSet.Builder, initialized with the provided claims.

from(JwtClaimsSet) - Static method in class org.springframework.security.oauth2.jwt.JwtEncoderParameters

Returns a new JwtEncoderParameters, initialized with the provided JwtClaimsSet.

fromBase64(String) - Static method in class org.springframework.security.web.webauthn.api.Bytes

Creates a new instance from a base64 url string.

fromBase64(String) - Static method in class org.springframework.security.web.webauthn.api.ImmutablePublicKeyCose

Creates a new instance form a Base64 URL encoded String

fromCredentialRecord(CredentialRecord) - Static method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord

fromEmbeddedLdapServer() - Static method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean

Create an EmbeddedLdapServerContextSourceFactoryBean that will use an embedded LDAP server to perform LDAP authentication.

fromHierarchy(String) - Static method in class org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl

Create a role hierarchy instance with the given definition, similar to the following:

fromIssuerLocation(String) - Static method in class org.springframework.security.oauth2.client.registration.ClientRegistrations

Creates a ClientRegistration.Builder using the provided Issuer by querying three different discovery endpoints serially, using the values in the first successful response to initialize.

fromIssuerLocation(String) - Static method in class org.springframework.security.oauth2.jwt.JwtDecoders

Creates a JwtDecoder using the provided Issuer by querying three different discovery endpoints serially, using the values in the first successful response to initialize.

fromIssuerLocation(String) - Static method in class org.springframework.security.oauth2.jwt.ReactiveJwtDecoders

Creates a ReactiveJwtDecoder using the provided Issuer by querying three different discovery endpoints serially, using the values in the first successful response to initialize.

fromMetadata(InputStream) - Static method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations

Return a RelyingPartyRegistration.Builder based off of the given SAML 2.0 Asserting Party (IDP) metadata.

fromMetadataLocation(String) - Static method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations

Return a RelyingPartyRegistration.Builder based off of the given SAML 2.0 Asserting Party (IDP) metadata location.

fromOidcConfiguration(Map<String, Object>) - Static method in class org.springframework.security.oauth2.client.registration.ClientRegistrations

Creates a ClientRegistration.Builder using the provided map representation of an OpenID Provider Configuration Response to initialize the ClientRegistration.Builder.

fromOidcIssuerLocation(String) - Static method in class org.springframework.security.oauth2.client.registration.ClientRegistrations

Creates a ClientRegistration.Builder using the provided Issuer by making an OpenID Provider Configuration Request and using the values in the OpenID Provider Configuration Response to initialize the ClientRegistration.Builder.

fromOidcIssuerLocation(String) - Static method in class org.springframework.security.oauth2.jwt.JwtDecoders

Creates a JwtDecoder using the provided Issuer by making an OpenID Provider Configuration Request and using the values in the OpenID Provider Configuration Response to initialize the JwtDecoder.

fromOidcIssuerLocation(String) - Static method in class org.springframework.security.oauth2.jwt.ReactiveJwtDecoders

Creates a ReactiveJwtDecoder using the provided Issuer by making an OpenID Provider Configuration Request and using the values in the OpenID Provider Configuration Response to initialize the ReactiveJwtDecoder.

fromResource(Resource) - Static method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean

Create a ReactiveUserDetailsServiceResourceFactoryBean with a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.

fromResource(Resource) - Static method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean

Create a UserDetailsResourceFactoryBean with a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.

fromResource(Resource) - Static method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean

Create a UserDetailsManagerResourceFactoryBean with a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.

fromResourceLocation(String) - Static method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean

Create a ReactiveUserDetailsServiceResourceFactoryBean with the location of a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.

fromResourceLocation(String) - Static method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean

Create a UserDetailsResourceFactoryBean with the location of a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.

fromResourceLocation(String) - Static method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean

Create a UserDetailsManagerResourceFactoryBean with the location of a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.

fromString(String) - Static method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean

Create a ReactiveUserDetailsServiceResourceFactoryBean with a String that is in the format defined in UserDetailsResourceFactoryBean.

fromString(String) - Static method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean

Creates a UserDetailsResourceFactoryBean with a resource from the provided String

fromString(String) - Static method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean

Create a UserDetailsManagerResourceFactoryBean with a String that is in the format defined in UserDetailsResourceFactoryBean.

fromTrustedIssuers(String...) - Static method in class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver

Construct a JwtIssuerAuthenticationManagerResolver using the provided parameters

fromTrustedIssuers(String...) - Static method in class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerReactiveAuthenticationManagerResolver

Construct a JwtIssuerReactiveAuthenticationManagerResolver using the provided parameters

fromTrustedIssuers(Collection<String>) - Static method in class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver

Construct a JwtIssuerAuthenticationManagerResolver using the provided parameters

fromTrustedIssuers(Collection<String>) - Static method in class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerReactiveAuthenticationManagerResolver

Construct a JwtIssuerReactiveAuthenticationManagerResolver using the provided parameters

fromTrustedIssuers(Predicate<String>) - Static method in class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver

Construct a JwtIssuerAuthenticationManagerResolver using the provided parameters

fromTrustedIssuers(Predicate<String>) - Static method in class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerReactiveAuthenticationManagerResolver

Construct a JwtIssuerReactiveAuthenticationManagerResolver using the provided parameters

fullyAuthenticated() - Static method in class org.springframework.security.authorization.AuthenticatedAuthorizationManager

Creates an instance of AuthenticatedAuthorizationManager that determines if the Authentication is authenticated without using remember me.

fullyAuthenticated() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl

Specify that URLs are allowed by users who have authenticated and were not "remembered".

fullyAuthenticated() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl

Deprecated.

Specify that URLs are allowed by users who have authenticated and were not "remembered".

fullyAuthenticated() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint

Deprecated.

Specify that Messages are allowed by users who have authenticated and were not "remembered".

fullyAuthenticated() - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint

Specify that Messages are allowed by users who have authenticated and were not "remembered".

fullyAuthenticated() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl

Specify that URLs are allowed by users who have authenticated and were not "remembered".

G

GCM - Enum constant in enum class org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm

gender(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder

Use this gender in the resulting OidcUserInfo

GENDER - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames

gender - the user's gender

generate(GenerateOneTimeTokenRequest) - Method in class org.springframework.security.authentication.ott.InMemoryOneTimeTokenService

generate(GenerateOneTimeTokenRequest) - Method in class org.springframework.security.authentication.ott.JdbcOneTimeTokenService

generate(GenerateOneTimeTokenRequest) - Method in interface org.springframework.security.authentication.ott.OneTimeTokenService

Generates a one-time token based on the provided generate request.

generate(GenerateOneTimeTokenRequest) - Method in class org.springframework.security.authentication.ott.reactive.InMemoryReactiveOneTimeTokenService

generate(GenerateOneTimeTokenRequest) - Method in interface org.springframework.security.authentication.ott.reactive.ReactiveOneTimeTokenService

Generates a one-time token based on the provided generate request.

generateKey() - Method in class org.springframework.security.crypto.keygen.Base64StringKeyGenerator

generateKey() - Method in interface org.springframework.security.crypto.keygen.BytesKeyGenerator

Generate a new key.

generateKey() - Method in interface org.springframework.security.crypto.keygen.StringKeyGenerator

generateNewContext() - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository

By default, calls SecurityContextHolder.createEmptyContext() to obtain a new context (there should be no context present in the holder when this method is called).

GenerateOneTimeTokenFilter - Class in org.springframework.security.web.authentication.ott

Filter that process a One-Time Token generation request.

GenerateOneTimeTokenFilter(OneTimeTokenService, OneTimeTokenGenerationSuccessHandler) - Constructor for class org.springframework.security.web.authentication.ott.GenerateOneTimeTokenFilter

GenerateOneTimeTokenRequest - Class in org.springframework.security.authentication.ott

Class to store information related to an One-Time Token authentication request

GenerateOneTimeTokenRequest(String) - Constructor for class org.springframework.security.authentication.ott.GenerateOneTimeTokenRequest

GenerateOneTimeTokenWebFilter - Class in org.springframework.security.web.server.authentication.ott

WebFilter implementation that process a One-Time Token generation request.

GenerateOneTimeTokenWebFilter(ReactiveOneTimeTokenService, ServerOneTimeTokenGenerationSuccessHandler) - Constructor for class org.springframework.security.web.server.authentication.ott.GenerateOneTimeTokenWebFilter

generateSeriesData() - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices

generateToken(HttpServletRequest) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository

generateToken(HttpServletRequest) - Method in interface org.springframework.security.web.csrf.CsrfTokenRepository

Generates a CsrfToken

generateToken(HttpServletRequest) - Method in class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository

generateToken(HttpServletRequest) - Method in class org.springframework.security.web.csrf.LazyCsrfTokenRepository

Deprecated.

Generates a new token

generateToken(ServerWebExchange) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository

generateToken(ServerWebExchange) - Method in interface org.springframework.security.web.server.csrf.ServerCsrfTokenRepository

Generates a CsrfToken

generateToken(ServerWebExchange) - Method in class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository

generateTokenData() - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices

gensalt() - Static method in class org.springframework.security.crypto.bcrypt.BCrypt

Generate a salt for use with the BCrypt.hashpw() method, selecting a reasonable default for the number of hashing rounds to apply

gensalt(int) - Static method in class org.springframework.security.crypto.bcrypt.BCrypt

Generate a salt for use with the BCrypt.hashpw() method

gensalt(int, SecureRandom) - Static method in class org.springframework.security.crypto.bcrypt.BCrypt

Generate a salt for use with the BCrypt.hashpw() method

gensalt(String) - Static method in class org.springframework.security.crypto.bcrypt.BCrypt

gensalt(String, int) - Static method in class org.springframework.security.crypto.bcrypt.BCrypt

Generate a salt for use with the BCrypt.hashpw() method

gensalt(String, int, SecureRandom) - Static method in class org.springframework.security.crypto.bcrypt.BCrypt

Generate a salt for use with the BCrypt.hashpw() method

get() - Method in interface org.springframework.security.web.csrf.DeferredCsrfToken

Gets the CsrfToken

get(String) - Static method in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy

getAccess() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag

getAccessDecisionManager() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor

Deprecated.

getAccessDeniedException() - Method in class org.springframework.security.access.event.AuthorizationFailureEvent

Deprecated.

getAccessDeniedHandler() - Method in class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry

getAccessor() - Static method in class org.springframework.security.core.SpringSecurityMessageSource

getAccessToken() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken

Returns the access token.

getAccessToken() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken

Returns the access token.

getAccessToken() - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequest

Returns the access token credential granted.

getAccessToken() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClient

Returns the access token credential granted.

getAccessToken() - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder

getAccessToken() - Method in class org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest

Returns the access token.

getAccessToken() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse

Returns the Access Token.

getAccessTokenHash() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor

Returns the Access Token hash value (at_hash).

getAcl() - Method in class org.springframework.security.acls.domain.AccessControlEntryImpl

getAcl() - Method in interface org.springframework.security.acls.model.AccessControlEntry

getActorToken() - Method in class org.springframework.security.oauth2.client.endpoint.TokenExchangeGrantRequest

Returns the actor token.

getAdditionalParameters() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken

Returns the additional parameters

getAdditionalParameters() - Method in class org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest

Returns the additional parameters that may be used in the request.

getAdditionalParameters() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse

Returns the additional parameters returned in the response.

getAdditionalParameters() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest

Returns the additional parameter(s) used in the request.

getAdditionalParameters() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse

Returns the additional parameters returned in the response.

getAdditionalRoles(DirContextOperations, String) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator

This method should be overridden if required to obtain any additional roles for the given user (on top of those obtained from the standard search implemented by this class).

getAddress() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor

Returns the user's preferred postal address (address).

getAdvice() - Method in class org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor

Deprecated.

getAdvice() - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor

getAdvice() - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterReactiveMethodInterceptor

getAdvice() - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor

getAdvice() - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeReactiveMethodInterceptor

getAdvice() - Method in class org.springframework.security.authorization.method.AuthorizeReturnObjectMethodInterceptor

getAdvice() - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor

getAdvice() - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationReactiveMethodInterceptor

getAdvice() - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor

getAdvice() - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor

getAfterInvocationManager() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor

Deprecated.

getAlg() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialParameters

The alg member specifies the cryptographic signature algorithm with which the newly generated credential will be used, and thus also the type of asymmetric key pair to be generated, e.g., RSA or Elliptic Curve.

getAlgorithm() - Method in class org.springframework.security.oauth2.jwt.JwsHeader

getAllConfigAttributes() - Method in class org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource

Deprecated.

getAllConfigAttributes() - Method in class org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource

Deprecated.

getAllConfigAttributes() - Method in class org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource

Deprecated.

getAllConfigAttributes() - Method in class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource

Deprecated.

Obtains the configuration attributes explicitly defined against this bean.

getAllConfigAttributes() - Method in class org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource

Deprecated.

getAllConfigAttributes() - Method in interface org.springframework.security.access.SecurityMetadataSource

If available, returns all of the ConfigAttributes defined by the implementing class.

getAllConfigAttributes() - Method in class org.springframework.security.messaging.access.intercept.DefaultMessageSecurityMetadataSource

Deprecated.

getAllConfigAttributes() - Method in class org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource

getAllowCredentials() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions

The allowCredentials property is an OPTIONAL member is used by the client to find authenticators eligible for this authentication ceremony.

getAllowFromValue(HttpServletRequest) - Method in class org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy

Deprecated.

getAllowFromValue(HttpServletRequest) - Method in interface org.springframework.security.web.header.writers.frameoptions.AllowFromStrategy

Deprecated.

Gets the value for ALLOW-FROM excluding the ALLOW-FROM.

getAllowFromValue(HttpServletRequest) - Method in class org.springframework.security.web.header.writers.frameoptions.StaticAllowFromStrategy

Deprecated.

getAllowSessionCreation() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

getAllPrincipals() - Method in interface org.springframework.security.core.session.SessionRegistry

Obtains all the known principals in the SessionRegistry.

getAllPrincipals() - Method in class org.springframework.security.core.session.SessionRegistryImpl

getAllSessions(Object) - Method in class org.springframework.security.core.session.InMemoryReactiveSessionRegistry

getAllSessions(Object) - Method in interface org.springframework.security.core.session.ReactiveSessionRegistry

Gets all the known ReactiveSessionInformation instances for the specified principal.

getAllSessions(Object, boolean) - Method in interface org.springframework.security.core.session.SessionRegistry

Obtains all the known sessions for the specified principal.

getAllSessions(Object, boolean) - Method in class org.springframework.security.core.session.SessionRegistryImpl

getAppConfigurationEntry(String) - Method in class org.springframework.security.authentication.jaas.memory.InMemoryConfiguration

getApplicationContext() - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry

Gets the ApplicationContext

getApplicationEventPublisher() - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider

getArguments() - Method in class org.springframework.security.access.intercept.aspectj.MethodInvocationAdapter

Deprecated.

getArguments() - Method in class org.springframework.security.util.SimpleMethodInvocation

getArtifactParameter() - Method in class org.springframework.security.cas.ServiceProperties

getAssertingPartyDetails() - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration

Deprecated.

Get the configuration details for the Asserting Party

getAssertingPartyDetails() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration

Deprecated.

Use RelyingPartyRegistration.getAssertingPartyMetadata() instead

getAssertingPartyMetadata() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration

Get the metadata for the Asserting Party

getAssertion() - Method in class org.springframework.security.cas.authentication.CasAssertionAuthenticationToken

getAssertion() - Method in class org.springframework.security.cas.authentication.CasAuthenticationToken

getAssertionConsumerServiceBinding() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration

Get the AssertionConsumerService Binding.

getAssertionConsumerServiceLocation() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration

Get the AssertionConsumerService Location.

getAttestation() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions

The attestation property is an OPTIONAL member used by the Relying Party to specify a preference regarding attestation conveyance.

getAttestationClientDataJSON() - Method in interface org.springframework.security.web.webauthn.api.CredentialRecord

The attestationClientDataJSON is the value of the attestationObject attribute when the public key credential source was registered.

getAttestationClientDataJSON() - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord

getAttestationObject() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse

The attestationObject is an OPTIONAL attribute contains an attestation object, if the authenticator supports attestation in assertions.

getAttestationObject() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAttestationResponse

The attestationObject attribute contains an attestation object, which is opaque to, and cryptographically protected against tampering by, the client.

getAttestationObject() - Method in interface org.springframework.security.web.webauthn.api.CredentialRecord

The attestationObject is the value of the attestationObject attribute when the public key credential source was registered.

getAttestationObject() - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord

getAttribute() - Method in interface org.springframework.security.access.ConfigAttribute

If the ConfigAttribute can be represented as a String and that String is sufficient in precision to be relied upon as a configuration parameter by a RunAsManager, AccessDecisionManager or AccessDecisionManager delegate, this method should return such a String.

getAttribute() - Method in class org.springframework.security.access.SecurityConfig

getAttribute(String) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext

Returns the value of an attribute associated to the context or null if not available.

getAttribute(String) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest

Returns the value of an attribute associated to the request or null if not available.

getAttribute(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest

Returns the value of an attribute associated to the request.

getAttribute(String) - Method in interface org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal

Get the OAuth 2.0 token attribute by name

getAttribute(String) - Method in interface org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal

Get the Saml2 token attribute by name

getAttributes() - Method in class org.springframework.security.access.intercept.InterceptorStatusToken

Deprecated.

getAttributes() - Method in class org.springframework.security.ldap.userdetails.LdapAuthority

Returns the LDAP attributes

getAttributes() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext

Returns the attributes associated to the context.

getAttributes() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest

Returns the attributes associated to the request.

getAttributes() - Method in class org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal

Gets the attributes of the OAuth 2.0 token in map form.

getAttributes() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest

Returns the attribute(s) associated to the request.

getAttributes() - Method in interface org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal

Get the OAuth 2.0 token attributes

getAttributes() - Method in class org.springframework.security.oauth2.core.user.DefaultOAuth2User

getAttributes() - Method in class org.springframework.security.oauth2.core.user.OAuth2UserAuthority

Returns the attributes about the user.

getAttributes() - Method in class org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal

Gets the attributes of the OAuth 2.0 Token Introspection in map form.

getAttributes() - Method in class org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal

getAttributes() - Method in interface org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal

Get the Saml2 token attributes

getAttributes(Object) - Method in class org.springframework.security.access.method.AbstractMethodSecurityMetadataSource

Deprecated.

getAttributes(Object) - Method in interface org.springframework.security.access.SecurityMetadataSource

Accesses the ConfigAttributes that apply to a given secure object.

getAttributes(Object) - Method in class org.springframework.security.messaging.access.intercept.DefaultMessageSecurityMetadataSource

Deprecated.

getAttributes(Object) - Method in class org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource

getAttributes(Method, Class<?>) - Method in class org.springframework.security.access.method.AbstractFallbackMethodSecurityMetadataSource

Deprecated.

getAttributes(Method, Class<?>) - Method in class org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource

Deprecated.

getAttributes(Method, Class<?>) - Method in interface org.springframework.security.access.method.MethodSecurityMetadataSource

Deprecated.

getAttributes(Method, Class<?>) - Method in class org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource

Deprecated.

getAttributes2grantedAuthoritiesMap() - Method in class org.springframework.security.core.authority.mapping.MapBasedAttributes2GrantedAuthoritiesMapper

getAttributeValues(String) - Method in class org.springframework.security.ldap.userdetails.LdapAuthority

Returns the values for a specific attribute

getAudience() - Method in interface org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimAccessor

Returns the Audience(s) (aud) that this ID Token is intended for.

getAudience() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor

Returns the intended audience (aud) for the token

getAudience() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor

Returns the Audience(s) (aud) that this ID Token is intended for.

getAudience() - Method in interface org.springframework.security.oauth2.jwt.JwtClaimAccessor

Returns the Audience (aud) claim which identifies the recipient(s) that the JWT is intended for.

getAuthenticatedAt() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor

Returns the time when the End-User authentication occurred (auth_time).

getAuthenticatedEnv(String, String) - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyAwareContextSource

getAuthentication() - Method in class org.springframework.security.access.event.AuthorizationFailureEvent

Deprecated.

getAuthentication() - Method in class org.springframework.security.access.event.AuthorizedEvent

Deprecated.

getAuthentication() - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations

Gets the Authentication used for evaluating the expressions

getAuthentication() - Method in class org.springframework.security.access.expression.SecurityExpressionRoot

getAuthentication() - Method in class org.springframework.security.authentication.event.AbstractAuthenticationEvent

Getters for the Authentication request that caused the event.

getAuthentication() - Method in class org.springframework.security.authentication.jaas.event.JaasAuthenticationEvent

Pre-casted method that returns the 'source' of the event.

getAuthentication() - Method in class org.springframework.security.authorization.AuthorizationObservationContext

Get the observed Authentication for this authorization

getAuthentication() - Method in class org.springframework.security.authorization.event.AuthorizationEvent

Get the principal requiring access

getAuthentication() - Method in interface org.springframework.security.core.context.SecurityContext

Obtains the currently authenticated principal, or an authentication request token.

getAuthentication() - Method in class org.springframework.security.core.context.SecurityContextImpl

getAuthentication() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidatorParameters

The current Authentication

getAuthentication() - Method in class org.springframework.security.web.server.authentication.MaximumSessionsContext

getAuthentication() - Method in class org.springframework.security.web.webauthn.management.ImmutablePublicKeyCredentialCreationOptionsRequest

getAuthentication() - Method in class org.springframework.security.web.webauthn.management.ImmutablePublicKeyCredentialRequestOptionsRequest

getAuthentication() - Method in interface org.springframework.security.web.webauthn.management.PublicKeyCredentialCreationOptionsRequest

The current Authentication.

getAuthentication() - Method in interface org.springframework.security.web.webauthn.management.PublicKeyCredentialRequestOptionsRequest

The current Authentication.

getAuthenticationContextClass() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor

Returns the Authentication Context Class Reference (acr).

getAuthenticationConverter() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec

getAuthenticationConverter() - Method in class org.springframework.security.web.authentication.AuthenticationFilter

getAuthenticationDetailsSource() - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter

getAuthenticationDetailsSource() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

getAuthenticationDetailsSource() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter

getAuthenticationEntryPoint() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Gets the Authentication Entry Point

getAuthenticationEntryPoint() - Method in class org.springframework.security.web.access.ExceptionTranslationFilter

getAuthenticationEntryPoint() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter

getAuthenticationEntryPoint() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter

getAuthenticationEntryPointMatcher(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

getAuthenticationFilter() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Gets the Authentication Filter

getAuthenticationManager() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor

Deprecated.

getAuthenticationManager() - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration

getAuthenticationManager() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec

getAuthenticationManager() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

getAuthenticationManager() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter

getAuthenticationManagerClass() - Method in class org.springframework.security.authentication.AuthenticationObservationContext

Get the AuthenticationManager class that processed the authentication

getAuthenticationManagerResolver() - Method in class org.springframework.security.web.authentication.AuthenticationFilter

getAuthenticationMethod() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails.UserInfoEndpoint

Returns the authentication method for the user info endpoint.

getAuthenticationMethods() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor

Returns the Authentication Methods References (amr).

getAuthenticationRequest() - Method in class org.springframework.security.authentication.AuthenticationObservationContext

Get the Authentication request that was observed

getAuthenticationRequest() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken

Returns the authentication request sent to the assertion party or null if no authentication request is present

getAuthenticationRequestUri() - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest

Returns the URI endpoint that this AuthNRequest should be sent to.

getAuthenticationResult() - Method in class org.springframework.security.authentication.AuthenticationObservationContext

Get the Authentication result that was observed

getAuthenticationTrustResolver() - Method in class org.springframework.security.web.access.ExceptionTranslationFilter

getAuthenticatorAttachment() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorSelectionCriteria

If authenticatorAttachment is present, eligible authenticators are filtered to be only those authenticators attached with the specified authenticator attachment modality (see also 6.2.1 Authenticator Attachment Modality).

getAuthenticatorAttachment() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredential

The authenticatorAttachment reports the authenticator attachment modality in effect at the time the navigator.credentials.create() or navigator.credentials.get() methods successfully complete.

getAuthenticatorData() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse

The authenticatorData contains the authenticator data returned by the authenticator.

getAuthenticatorSelection() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions

The authenticatorSelection property is an OPTIONAL member used by the Relying Party to list any existing credentials mapped to this user account (as identified by user.id).

getAuthorities() - Method in class org.springframework.security.authentication.AbstractAuthenticationToken

getAuthorities() - Method in class org.springframework.security.authorization.AuthorityAuthorizationDecision

getAuthorities() - Method in interface org.springframework.security.core.Authentication

Set by an AuthenticationManager to indicate the authorities that the principal has been granted.

getAuthorities() - Method in class org.springframework.security.core.userdetails.memory.UserAttribute

getAuthorities() - Method in class org.springframework.security.core.userdetails.User

getAuthorities() - Method in interface org.springframework.security.core.userdetails.UserDetails

Returns the authorities granted to the user.

getAuthorities() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl

getAuthorities() - Method in class org.springframework.security.oauth2.client.oidc.session.OidcSessionInformation

Any material needed to authorize operations on this session

getAuthorities() - Method in class org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal

getAuthorities() - Method in interface org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal

Get the Collection of GrantedAuthoritys associated with this OAuth 2.0 token

getAuthorities() - Method in class org.springframework.security.oauth2.core.user.DefaultOAuth2User

getAuthorities() - Method in class org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal

Get the Collection of GrantedAuthoritys associated with this OAuth 2.0 Token Introspection

getAuthorities() - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter

getAuthoritiesByUsernameQuery() - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl

getAuthoritiesMapper() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

Gets the GrantedAuthoritiesMapper and defaults to SimpleAuthorityMapper.

getAuthoritiesPopulator() - Method in class org.springframework.security.ldap.authentication.LdapAuthenticationProvider

getAuthority() - Method in class org.springframework.security.authentication.jaas.JaasGrantedAuthority

getAuthority() - Method in class org.springframework.security.core.authority.SimpleGrantedAuthority

getAuthority() - Method in interface org.springframework.security.core.GrantedAuthority

If the GrantedAuthority can be represented as a String and that String is sufficient in precision to be relied upon for an access control decision by an AccessDecisionManager (or delegate), this method should return such a String.

getAuthority() - Method in class org.springframework.security.ldap.userdetails.LdapAuthority

getAuthority() - Method in class org.springframework.security.oauth2.core.user.OAuth2UserAuthority

getAuthority() - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority

getAuthorizationCodeHash() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor

Returns the Authorization Code hash value (c_hash).

getAuthorizationDecision() - Method in class org.springframework.security.authorization.event.AuthorizationEvent

Deprecated.

please use AuthorizationEvent.getAuthorizationResult()

getAuthorizationExchange() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken

Returns the authorization exchange.

getAuthorizationExchange() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken

Returns the authorization exchange.

getAuthorizationExchange() - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest

Returns the authorization exchange.

getAuthorizationGrantRequest() - Method in class org.springframework.security.oauth2.client.endpoint.NimbusJwtClientAuthenticationParametersConverter.JwtClientAuthenticationContext

Returns the authorization grant request.

getAuthorizationGrantType() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration

Returns the authorization grant type used for the client.

getAuthorizationManager() - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter

Gets the AuthorizationManager used by this filter

getAuthorizationRequest() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange

Returns the Authorization Request.

getAuthorizationRequestUri() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest

Returns the URI string representation of the OAuth 2.0 Authorization Request.

getAuthorizationResponse() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange

Returns the Authorization Response.

getAuthorizationResult() - Method in exception org.springframework.security.authorization.AuthorizationDeniedException

getAuthorizationResult() - Method in class org.springframework.security.authorization.AuthorizationObservationContext

Get the observed AuthorizationResult

getAuthorizationResult() - Method in class org.springframework.security.authorization.event.AuthorizationEvent

Get the response to the principal's request

getAuthorizationUri() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails

Returns the uri for the authorization endpoint.

getAuthorizationUri() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest

Returns the uri for the authorization endpoint.

getAuthorizedClient() - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder

Returns the OAuth2AuthorizedClient.

getAuthorizedClient() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext

Returns the authorized client or null if the client registration was supplied.

getAuthorizedClient() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest

Returns the authorized client or null if it was not provided.

getAuthorizedClientRegistrationId() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken

Returns the registration identifier of the Authorized Client.

getAuthorizedParty() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor

Returns the Authorized party (azp) to which the ID Token was issued.

getBeanClassName(Element) - Method in class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser

getBeanClassName(Element) - Method in class org.springframework.security.config.authentication.JdbcUserServiceBeanDefinitionParser

getBeanClassName(Element) - Method in class org.springframework.security.config.authentication.UserServiceBeanDefinitionParser

getBeanClassName(Element) - Method in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

getBeanResolver() - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler

getBinding() - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest

Returns the binding this AuthNRequest will be sent and encoded with.

getBinding() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest

Get the binding for the asserting party's SingleLogoutService

getBinding() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse

Get the binding for the asserting party's SingleLogoutService

getBinding() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest

getBinding() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest

getBirthdate() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor

Returns the user's birth date (birthdate).

getBuilder() - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter

Gets the SecurityBuilder.

getBuilder(String) - Method in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider

Create a new ClientRegistration.Builder pre-configured with provider defaults.

getBuilder(String, ClientAuthenticationMethod, String) - Method in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider

getByteLength(RSAKey) - Static method in class org.springframework.security.crypto.encrypt.RsaRawEncryptor

getBytes() - Method in class org.springframework.security.web.webauthn.api.Bytes

Gets the raw bytes.

getBytes() - Method in class org.springframework.security.web.webauthn.api.ImmutablePublicKeyCose

getBytes() - Method in interface org.springframework.security.web.webauthn.api.PublicKeyCose

The byes of a COSE encoded public key.

getByTicketId(String) - Method in class org.springframework.security.cas.authentication.NullStatelessTicketCache

getByTicketId(String) - Method in class org.springframework.security.cas.authentication.SpringCacheBasedTicketCache

getByTicketId(String) - Method in interface org.springframework.security.cas.authentication.StatelessTicketCache

Retrieves the CasAuthenticationToken associated with the specified ticket.

getCarLicense() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson

getCertificate() - Method in class org.springframework.security.saml2.core.Saml2X509Credential

Get the public certificate for this credential

getChain() - Method in class org.springframework.security.web.FilterInvocation

getChain() - Method in class org.springframework.security.web.server.WebFilterExchange

The filter chain

getChallenge() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions

The challenge specifies the challenge that the authenticator signs, along with other data, when producing an attestation object for the newly created credential.

getChallenge() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions

The challenge property specifies a challenge that the authenticator signs, along with other data, when producing an authentication assertion.

getChannelDecisionManager() - Method in class org.springframework.security.web.access.channel.ChannelProcessingFilter

getChannelProcessors() - Method in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl

getClaim(String) - Method in interface org.springframework.security.oauth2.core.ClaimAccessor

Returns the claim value as a T type.

getClaimAsBoolean(String) - Method in interface org.springframework.security.oauth2.core.ClaimAccessor

Returns the claim value as a Boolean or null if the claim does not exist.

getClaimAsInstant(String) - Method in interface org.springframework.security.oauth2.core.ClaimAccessor

Returns the claim value as an Instant or null if it does not exist.

getClaimAsMap(String) - Method in interface org.springframework.security.oauth2.core.ClaimAccessor

Returns the claim value as a Map<String, Object> or null if the claim does not exist.

getClaimAsString(String) - Method in interface org.springframework.security.oauth2.core.ClaimAccessor

Returns the claim value as a String or null if it does not exist or is equal to null.

getClaimAsStringList(String) - Method in interface org.springframework.security.oauth2.core.ClaimAccessor

Returns the claim value as a List<String> or null if the claim does not exist.

getClaimAsURL(String) - Method in interface org.springframework.security.oauth2.core.ClaimAccessor

Returns the claim value as an URL or null if it does not exist.

getClaims() - Method in class org.springframework.security.oauth2.client.endpoint.NimbusJwtClientAuthenticationParametersConverter.JwtClientAuthenticationContext

Returns the JwtClaimsSet.Builder to be used to customize claims of the JSON Web Token (JWS).

getClaims() - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken

getClaims() - Method in interface org.springframework.security.oauth2.core.ClaimAccessor

Returns a set of claims that may be used for assertions.

getClaims() - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken

getClaims() - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo

getClaims() - Method in class org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser

getClaims() - Method in interface org.springframework.security.oauth2.core.oidc.user.OidcUser

Returns the claims about the user.

getClaims() - Method in class org.springframework.security.oauth2.jwt.Jwt

Returns the JWT Claims Set.

getClaims() - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet

getClaims() - Method in class org.springframework.security.oauth2.jwt.JwtEncoderParameters

Returns the claims.

getClaims() - Method in class org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal

getClientAuthenticationMethod() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration

Returns the authentication method used when authenticating the client with the authorization server.

getClientDataJSON() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorResponse

The clientDataJSON contains a JSON-compatible serialization of the client data, the hash of which is passed to the authenticator by the client in its call to either create() or get() (i.e., the client data itself is not sent to the authenticator).

getClientExtensionResults() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredential

The clientExtensionsResults is a mapping of extension identifier to client extension output.

getClientId() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration

Returns the client identifier.

getClientId() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest

Returns the client identifier.

getClientId() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor

Returns the client identifier (client_id) for the token

getClientName() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration

Returns the logical name of the client or registration.

getClientRegistration() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken

Returns the client registration.

getClientRegistration() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken

Returns the client registration.

getClientRegistration() - Method in class org.springframework.security.oauth2.client.endpoint.AbstractOAuth2AuthorizationGrantRequest

Returns the client registration.

getClientRegistration() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext

Returns the client registration.

getClientRegistration() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClient

Returns the authorized client's registration.

getClientRegistration() - Method in class org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest

Returns the client registration.

getClientRegistrationId() - Method in exception org.springframework.security.oauth2.client.ClientAuthorizationException

Returns the identifier for the client's registration.

getClientRegistrationId() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientId

Returns the identifier for the client registration.

getClientRegistrationId() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest

Returns the identifier for the client registration.

getClientRegistrationId() - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder

getClientSecret() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration

Returns the client secret.

getClock() - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler

getCn() - Method in class org.springframework.security.ldap.userdetails.Person

getCode() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse

Returns the authorization code.

getComment() - Method in class org.springframework.security.web.savedrequest.SavedCookie

Deprecated, for removal: This API element is subject to removal in a future version.

getConfigAttributes() - Method in class org.springframework.security.access.event.AuthenticationCredentialsNotFoundEvent

Deprecated.

getConfigAttributes() - Method in class org.springframework.security.access.event.AuthorizationFailureEvent

Deprecated.

getConfigAttributes() - Method in class org.springframework.security.access.event.AuthorizedEvent

Deprecated.

getConfiguration() - Method in class org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider

getConfigurationMetadata() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails

Returns a Map of the metadata describing the provider's configuration.

getConfigurer(Class<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Gets the SecurityConfigurer by its class name or null if not found.

getConfigurer(Class<C>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder

Gets the SecurityConfigurer by its class name or null if not found.

getConfigurers(Class<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Gets all the SecurityConfigurer instances by its class name or an empty List if not found.

getContentType() - Method in class org.springframework.security.oauth2.jwt.JwsHeader

Returns the content type header that declares the media type of the secured content (the payload).

getContext() - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer

getContext() - Method in class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy

Obtains the current context.

getContext() - Static method in class org.springframework.security.core.context.ReactiveSecurityContextHolder

Gets the Mono<SecurityContext> from Reactor Context

getContext() - Static method in class org.springframework.security.core.context.SecurityContextHolder

Obtain the current SecurityContext.

getContext() - Method in interface org.springframework.security.core.context.SecurityContextHolderStrategy

Obtains the current context.

getContext() - Static method in class org.springframework.security.test.context.TestSecurityContextHolder

Gets the SecurityContext from TestSecurityContextHolder.

getContext() - Method in class org.springframework.security.test.context.TestSecurityContextHolderStrategyAdapter

getContext(PageContext) - Method in class org.springframework.security.taglibs.authz.AccessControlListTag

Allows test cases to override where application context obtained from.

getContext(String, String) - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyAwareContextSource

getContextHolderStrategy() - Static method in class org.springframework.security.core.context.SecurityContextHolder

Allows retrieval of the context strategy.

getContextPath() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest

getContextSource() - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory

Gets the BaseLdapPathContextSource used to perform LDAP authentication.

getContextSource() - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator

getContextSource() - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator

getContextualName(AuthenticationObservationContext) - Method in class org.springframework.security.authentication.AuthenticationObservationConvention

getContextualName(AuthorizationObservationContext<?>) - Method in class org.springframework.security.authorization.AuthorizationObservationConvention

getControlInstance(Control) - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyControlFactory

Creates an instance of PasswordPolicyResponseControl if the passed control is a response control of this type.

getCookie() - Method in class org.springframework.security.web.savedrequest.SavedCookie

getCookieName() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

getCookiePath() - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository

Get the path that the CSRF cookie will be set to.

getCookies() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest

getCookies() - Method in interface org.springframework.security.web.savedrequest.SavedRequest

getCookies() - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest

getCountry() - Method in interface org.springframework.security.oauth2.core.oidc.AddressStandardClaim

Returns the country.

getCountry() - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim

getCreated() - Method in interface org.springframework.security.web.webauthn.api.CredentialRecord

When this CredentialRecord was created.

getCreated() - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord

getCreationOptions() - Method in class org.springframework.security.web.webauthn.management.ImmutableRelyingPartyRegistrationRequest

getCreationOptions() - Method in interface org.springframework.security.web.webauthn.management.RelyingPartyRegistrationRequest

getCredential() - Method in class org.springframework.security.web.webauthn.management.RelyingPartyPublicKey

getCredentialId() - Method in interface org.springframework.security.web.webauthn.api.CredentialRecord

The credential.id.

getCredentialId() - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord

getCredentials() - Method in class org.springframework.security.access.intercept.RunAsUserToken

Deprecated.

getCredentials() - Method in class org.springframework.security.authentication.AnonymousAuthenticationToken

Always returns an empty String

getCredentials() - Method in class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken

getCredentials() - Method in class org.springframework.security.authentication.RememberMeAuthenticationToken

Always returns an empty String

getCredentials() - Method in class org.springframework.security.authentication.TestingAuthenticationToken

getCredentials() - Method in class org.springframework.security.authentication.UsernamePasswordAuthenticationToken

getCredentials() - Method in class org.springframework.security.cas.authentication.CasAssertionAuthenticationToken

getCredentials() - Method in class org.springframework.security.cas.authentication.CasAuthenticationToken

getCredentials() - Method in class org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken

getCredentials() - Method in interface org.springframework.security.core.Authentication

The credentials that prove the principal is correct.

getCredentials() - Method in class org.springframework.security.ldap.authentication.SpringSecurityAuthenticationSource

getCredentials() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken

getCredentials() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken

getCredentials() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken

getCredentials() - Method in class org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken

getCredentials() - Method in class org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken

getCredentials() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2Authentication

getCredentials() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken

Returns the decoded and inflated SAML 2.0 Response XML object as a string

getCredentials() - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken

Get the credentials

getCredentials() - Method in class org.springframework.security.web.webauthn.authentication.WebAuthnAuthentication

getCredentials() - Method in class org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationRequestToken

getCredentialsCharset() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter

getCredentialsCharset(HttpServletRequest) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter

getCredentialsCharset(HttpServletRequest) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter

getCredentialsNotFoundException() - Method in class org.springframework.security.access.event.AuthenticationCredentialsNotFoundEvent

Deprecated.

getCredentialType() - Method in interface org.springframework.security.web.webauthn.api.CredentialRecord

The credential.type

getCredentialType() - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord

getCredentialTypes() - Method in class org.springframework.security.saml2.core.Saml2X509Credential

List all this credential's intended usages

getCredProtectionPolicy() - Method in class org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput.CredProtect

getCritical() - Method in class org.springframework.security.oauth2.jwt.JwsHeader

Returns the critical headers that indicates which extensions to the JWS/JWE/JWA specifications are being used that MUST be understood and processed.

getCsrfTokenRepository(HttpServletRequest) - Static method in class org.springframework.security.test.web.support.WebTestUtils

Gets the CsrfTokenRepository for the specified HttpServletRequest.

getCsrfTokenRequestHandler(HttpServletRequest) - Static method in class org.springframework.security.test.web.support.WebTestUtils

Gets the CsrfTokenRequestHandler for the specified HttpServletRequest.

getCurrentDate() - Static method in class org.springframework.security.web.savedrequest.FastHttpDateFormat

Gets the current date in HTTP format.

getCurrentSession() - Method in class org.springframework.security.web.server.authentication.MaximumSessionsContext

getDatabasePopulator() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer

getDataCode() - Method in exception org.springframework.security.ldap.authentication.ad.ActiveDirectoryAuthenticationException

getDataMimeType() - Method in interface org.springframework.security.rsocket.api.PayloadExchange

getDataMimeType() - Method in class org.springframework.security.rsocket.core.DefaultPayloadExchange

getDate() - Method in class org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken

getDecision() - Method in class org.springframework.security.authorization.AuthorizationObservationContext

Deprecated.

please use AuthorizationObservationContext.getAuthorizationResult() instead

getDecisionVoters() - Method in class org.springframework.security.access.vote.AbstractAccessDecisionManager

Deprecated.

getDecodedUrlBlacklist() - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Provides the existing decoded url blocklist which can add/remove entries from

getDecodedUrlBlocklist() - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Provides the existing decoded url blocklist which can add/remove entries from

getDecodedUrlBlocklist() - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

getDecryptionX509Credentials() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration

Get the Collection of decryption Saml2X509Credentials associated with this relying party

getDefaultMessage() - Method in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus

getDefaultRolePrefix() - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler

getDefaultTargetUrl() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler

Supplies the default target Url that will be used if no saved request is found or the alwaysUseDefaultTargetUrl property is set to true.

getDefaultUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder

Gets the default UserDetailsService for the AuthenticationManagerBuilder.

getDeferredContext() - Method in class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy

Obtains a Supplier that returns the current context.

getDeferredContext() - Static method in class org.springframework.security.core.context.SecurityContextHolder

Obtains a Supplier that returns the current context.

getDeferredContext() - Method in interface org.springframework.security.core.context.SecurityContextHolderStrategy

Obtains a Supplier that returns the current context.

getDelegateExecutor() - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutor

getDepartmentNumber() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson

getDescription() - Method in class org.springframework.security.ldap.userdetails.Person

getDescription() - Method in class org.springframework.security.oauth2.core.OAuth2Error

Returns the error description.

getDescription() - Method in class org.springframework.security.saml2.core.Saml2Error

Returns the error description.

getDescription() - Method in class org.springframework.security.util.InMemoryResource

getDestinationIndicator() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson

getDetails() - Method in class org.springframework.security.authentication.AbstractAuthenticationToken

getDetails() - Method in interface org.springframework.security.core.Authentication

Stores additional details about the authentication request.

getDeviceCode() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse

Returns the Device Code.

getDigestAlgorithm() - Method in enum class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices.RememberMeTokenAlgorithm

getDispatcherWebApplicationContextSuffix() - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer

Return the <servlet-name> to use the DispatcherServlet's WebApplicationContext to find the DelegatingFilterProxy or null to use the parent ApplicationContext.

getDisplayName() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson

getDisplayName() - Method in class org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity

getDisplayName() - Method in interface org.springframework.security.web.webauthn.api.PublicKeyCredentialUserEntity

The displayName is a human-palatable name for the user account, intended only for display.

getDn() - Method in class org.springframework.security.ldap.userdetails.LdapAuthority

Returns the DN for this LDAP authority

getDn() - Method in interface org.springframework.security.ldap.userdetails.LdapUserDetails

The DN of the entry for this user's account.

getDn() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl

getDomain() - Method in class org.springframework.security.web.savedrequest.SavedCookie

getDomainObject() - Method in class org.springframework.security.taglibs.authz.AccessControlListTag

getDomainObjectInstance(MethodInvocation) - Method in class org.springframework.security.access.vote.AbstractAclVoter

Deprecated.

getEmail() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor

Returns the user's preferred e-mail address (email).

getEmailVerified() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor

Returns true if the user's e-mail address has been verified (email_verified), otherwise false.

getEmployeeNumber() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson

getEnableAuthorities() - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl

getEnableGroups() - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl

getEncodedUrlBlacklist() - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Deprecated.

Use StrictHttpFirewall.getEncodedUrlBlocklist() instead

getEncodedUrlBlocklist() - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Provides the existing encoded url blocklist which can add/remove entries from

getEncodedUrlBlocklist() - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

getEncodedValue() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyControl

Retrieves the ASN.1 BER encoded value of the LDAP control.

getEncodedValue() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl

Returns the unchanged value of the response control.

getEncodeServiceUrlWithSessionId() - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint

Sets whether to encode the service url with the session id or not.

getEncryptionX509Credentials() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata

Get all encryption Saml2X509Credentials associated with this asserting party

getEncryptionX509Credentials() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails

Get all encryption Saml2X509Credentials associated with this asserting party

getEntityDescriptor() - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails

Get the EntityDescriptor that underlies this RelyingPartyRegistration.AssertingPartyDetails

getEntityId() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata

Get the asserting party's EntityID.

getEntityId() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails

Get the asserting party's EntityID.

getEntityId() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration

Get the relying party's EntityID.

getEntries() - Method in class org.springframework.security.acls.domain.AclImpl

getEntries() - Method in interface org.springframework.security.acls.model.Acl

Returns all of the entries represented by the present Acl.

getEntry() - Method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcherEntry

getEntry() - Method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcherEntry

getEntry() - Method in class org.springframework.security.web.util.matcher.RequestMatcherEntry

getEntryPoint() - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor

getEntryPoint() - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor

getEntryPoint() - Method in class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint.DelegateEntry

getError() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse

Returns the OAuth 2.0 Error if the Authorization Request failed, otherwise null.

getError() - Method in exception org.springframework.security.oauth2.core.OAuth2AuthenticationException

Returns the OAuth 2.0 Error.

getError() - Method in exception org.springframework.security.oauth2.core.OAuth2AuthorizationException

Returns the OAuth 2.0 Error.

getErrorCode() - Method in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus

getErrorCode() - Method in class org.springframework.security.oauth2.core.OAuth2Error

Returns the error code.

getErrorCode() - Method in class org.springframework.security.saml2.core.Saml2Error

Returns the error code.

getErrors() - Method in class org.springframework.security.oauth2.core.OAuth2TokenValidatorResult

Return error details regarding the validation attempt

getErrors() - Method in exception org.springframework.security.oauth2.jwt.JwtValidationException

Return the list of OAuth2Errors associated with this exception

getErrors() - Method in class org.springframework.security.saml2.core.Saml2ResponseValidatorResult

Return error details regarding the validation attempt

getErrors() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult

Return error details regarding the validation attempt

getErrorStatus() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl

getEvents() - Method in interface org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimAccessor

Returns a Map that identifies this token as a logout token

getException() - Method in class org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent

getException() - Method in class org.springframework.security.authentication.jaas.event.JaasAuthenticationFailedEvent

getExchange() - Method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeAuthorizationContext

getExchange() - Method in class org.springframework.security.web.server.authorization.AuthorizationContext

getExchange() - Method in class org.springframework.security.web.server.WebFilterExchange

Get the exchange

getExcludeCredentials() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions

The excludeCredentials property is the OPTIONAL member used by the Relying Party to list any existing credentials mapped to this user account (as identified by user.id).

getExpiresAt() - Method in class org.springframework.security.authentication.ott.DefaultOneTimeToken

getExpiresAt() - Method in interface org.springframework.security.authentication.ott.OneTimeToken

getExpiresAt() - Method in class org.springframework.security.oauth2.core.AbstractOAuth2Token

Returns the expiration time on or after which the token MUST NOT be accepted.

getExpiresAt() - Method in interface org.springframework.security.oauth2.core.OAuth2Token

Returns the expiration time on or after which the token MUST NOT be accepted.

getExpiresAt() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor

Returns a timestamp (exp) indicating when the token expires

getExpiresAt() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor

Returns the Expiration time (exp) on or after which the ID Token MUST NOT be accepted.

getExpiresAt() - Method in interface org.springframework.security.oauth2.jwt.JwtClaimAccessor

Returns the Expiration time (exp) claim which identifies the expiration time on or after which the JWT MUST NOT be accepted for processing.

getExpression() - Method in class org.springframework.security.authorization.ExpressionAuthorizationDecision

getExpressionAttribute() - Method in class org.springframework.security.authorization.method.ExpressionAttributeAuthorizationDecision

Deprecated.

getExpressionHandler() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

Deprecated.

Gets the MethodSecurityExpressionHandler or creates it using GlobalMethodSecurityConfiguration.expressionHandler.

getExpressionHandler() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity

Gets the SecurityExpressionHandler to be used.

getExpressionParser() - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler

getExpressionParser() - Method in interface org.springframework.security.access.expression.SecurityExpressionHandler

getExpressionParser() - Method in class org.springframework.security.messaging.access.expression.MessageAuthorizationContextSecurityExpressionHandler

getExtendedInformation() - Method in class org.springframework.security.core.token.DefaultToken

getExtendedInformation() - Method in interface org.springframework.security.core.token.Token

Obtains the extended information associated within the token, which was presented when the token was first created.

getExtensionId() - Method in class org.springframework.security.data.repository.query.SecurityEvaluationContextExtension

getExtensionId() - Method in interface org.springframework.security.web.webauthn.api.AuthenticationExtensionsClientInput

Gets the extension identifier.

getExtensionId() - Method in interface org.springframework.security.web.webauthn.api.AuthenticationExtensionsClientOutput

Gets the extension identifier.

getExtensionId() - Method in class org.springframework.security.web.webauthn.api.CredentialPropertiesOutput

getExtensionId() - Method in class org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput

getExtensionId() - Method in class org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientInput

getExtensions() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions

The extensions property is an OPTIONAL member used by the Relying Party to provide client extension inputs requesting additional processing by the client and authenticator.

getExtensions() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions

The extensions is an OPTIONAL property used by the Relying Party to provide client extension inputs requesting additional processing by the client and authenticator.

getExtraHiddenFields(HttpServletRequest) - Method in class org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor

getExtraHiddenFields(ServerWebExchange) - Method in class org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor

getFailureHandler() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

getFailureHandler() - Method in class org.springframework.security.web.authentication.AuthenticationFilter

getFailureUrl() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Gets the URL to send users to if authentication fails

getFamilyName() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor

Returns the user's surname(s) or last name(s) (family_name).

getField(Class<?>, String) - Static method in class org.springframework.security.util.FieldUtils

Attempts to locate the specified field on the class.

getFieldValue(Object, String) - Static method in class org.springframework.security.util.FieldUtils

Returns the value of a (nested) field on a bean.

getFileName() - Method in class org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResponse

getFilterChain() - Method in class org.springframework.security.web.session.SessionInformationExpiredEvent

getFilterChainProxy() - Method in class org.springframework.security.web.debug.DebugFilter

getFilterChains() - Method in class org.springframework.security.web.FilterChainProxy

getFilterObject() - Method in interface org.springframework.security.access.expression.method.MethodSecurityExpressionOperations

getFilters() - Method in class org.springframework.security.web.DefaultSecurityFilterChain

getFilters() - Method in interface org.springframework.security.web.SecurityFilterChain

getFilters(String) - Method in class org.springframework.security.web.FilterChainProxy

Convenience method, mainly for testing.

getFirewalledExchange(ServerWebExchange) - Method in interface org.springframework.security.web.server.firewall.ServerWebExchangeFirewall

Get a ServerWebExchange that has firewall rules applied to it.

getFirewalledExchange(ServerWebExchange) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

getFirewalledRequest(HttpServletRequest) - Method in class org.springframework.security.web.firewall.DefaultHttpFirewall

getFirewalledRequest(HttpServletRequest) - Method in interface org.springframework.security.web.firewall.HttpFirewall

Provides the request object which will be passed through the filter chain.

getFirewalledRequest(HttpServletRequest) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

getFirewalledResponse(HttpServletResponse) - Method in class org.springframework.security.web.firewall.DefaultHttpFirewall

getFirewalledResponse(HttpServletResponse) - Method in interface org.springframework.security.web.firewall.HttpFirewall

Provides the response which will be passed through the filter chain.

getFirewalledResponse(HttpServletResponse) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

getFirstAttribute(String) - Method in interface org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal

Get the first value of Saml2 token attribute by name

getFirstAttributeValue(String) - Method in class org.springframework.security.ldap.userdetails.LdapAuthority

Returns the first attribute value for a specified attribute

getFirstThrowableOfType(Class<? extends Throwable>, Throwable[]) - Method in class org.springframework.security.web.util.ThrowableAnalyzer

Returns the first throwable from the passed in array that is assignable to the provided type.

getFormatted() - Method in interface org.springframework.security.oauth2.core.oidc.AddressStandardClaim

Returns the full mailing address, formatted for display.

getFormatted() - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim

getFromCache(Serializable) - Method in class org.springframework.security.acls.domain.SpringCacheBasedAclCache

getFromCache(Serializable) - Method in interface org.springframework.security.acls.model.AclCache

getFromCache(ObjectIdentity) - Method in class org.springframework.security.acls.domain.SpringCacheBasedAclCache

getFromCache(ObjectIdentity) - Method in interface org.springframework.security.acls.model.AclCache

getFullDn(LdapName, Context) - Static method in class org.springframework.security.ldap.LdapUtils

getFullDn(DistinguishedName, Context) - Static method in class org.springframework.security.ldap.LdapUtils

Deprecated.

Use LdapUtils.getFullDn(LdapName, Context)

getFullName() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor

Returns the user's full name (name) in displayable form.

getFullRequestUrl() - Method in class org.springframework.security.web.FilterInvocation

Indicates the URL that the user agent used for this request.

getGender() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor

Returns the user's gender (gender).

getGeneratedBy() - Method in class org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent

Getter for the Class that generated this event.

getGivenName() - Method in class org.springframework.security.ldap.userdetails.Person

getGivenName() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor

Returns the user's given name(s) or first name(s) (given_name).

getGraceLoginsRemaining() - Method in interface org.springframework.security.ldap.ppolicy.PasswordPolicyData

getGraceLoginsRemaining() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl

Returns the graceLoginsRemaining.

getGraceLoginsRemaining() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl

getGrantedAuthorities() - Method in interface org.springframework.security.core.authority.GrantedAuthoritiesContainer

getGrantedAuthorities() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence

getGrantedAuthorities() - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails

getGrantedAuthorities(Collection<String>) - Method in interface org.springframework.security.core.authority.mapping.Attributes2GrantedAuthoritiesMapper

Implementations of this method should map the given collection of attributes to a collection of Spring Security GrantedAuthorities.

getGrantedAuthorities(Collection<String>) - Method in class org.springframework.security.core.authority.mapping.MapBasedAttributes2GrantedAuthoritiesMapper

Map the given array of attributes to Spring Security GrantedAuthorities.

getGrantedAuthorities(Collection<String>) - Method in class org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper

Map the given list of string attributes one-to-one to Spring Security GrantedAuthorities.

getGrantedAuthorities(DirContextOperations, String) - Method in class org.springframework.security.ldap.authentication.ad.DefaultActiveDirectoryAuthoritiesPopulator

getGrantedAuthorities(DirContextOperations, String) - Method in class org.springframework.security.ldap.authentication.NullLdapAuthoritiesPopulator

getGrantedAuthorities(DirContextOperations, String) - Method in class org.springframework.security.ldap.authentication.UserDetailsServiceLdapAuthoritiesPopulator

getGrantedAuthorities(DirContextOperations, String) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator

Obtains the authorities for the user who's directory entry is represented by the supplied LdapUserDetails object.

getGrantedAuthorities(DirContextOperations, String) - Method in interface org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator

Get the list of authorities for the user.

getGrantedAuthority() - Method in class org.springframework.security.acls.domain.GrantedAuthoritySid

getGrantType() - Method in class org.springframework.security.oauth2.client.endpoint.AbstractOAuth2AuthorizationGrantRequest

Returns the authorization grant type.

getGrantType() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest

Returns the grant type.

getGroupMembershipRoles(String, String) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator

getGroupMembershipRoles(String, String) - Method in class org.springframework.security.ldap.userdetails.NestedLdapAuthoritiesPopulator

getGroupRoleAttribute() - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator

Returns the attribute name of the LDAP attribute that will be mapped to the role name Method available so that classes extending this can override

getGroupSearchBase() - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator

getGroupSearchFilter() - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator

Returns the search filter configured for this populator Method available so that classes extending this can override

getHasPermission() - Method in class org.springframework.security.taglibs.authz.AccessControlListTag

getHeader(String) - Method in class org.springframework.security.oauth2.jwt.JwsHeader

Returns the header value.

getHeaderName() - Method in interface org.springframework.security.web.csrf.CsrfToken

Gets the HTTP header that the CSRF is populated on the response and can be placed on requests instead of the parameter.

getHeaderName() - Method in class org.springframework.security.web.csrf.DefaultCsrfToken

getHeaderName() - Method in interface org.springframework.security.web.server.csrf.CsrfToken

Gets the HTTP header that the CSRF is populated on the response and can be placed on requests instead of the parameter.

getHeaderName() - Method in class org.springframework.security.web.server.csrf.DefaultCsrfToken

getHeaderNames() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest

getHeaderNames() - Method in interface org.springframework.security.web.savedrequest.SavedRequest

getHeaderNames() - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest

getHeaders() - Method in class org.springframework.security.oauth2.client.endpoint.NimbusJwtClientAuthenticationParametersConverter.JwtClientAuthenticationContext

Returns the JwsHeader.Builder to be used to customize headers of the JSON Web Token (JWS).

getHeaders() - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder

getHeaders() - Method in class org.springframework.security.oauth2.jwt.JwsHeader

Returns the headers.

getHeaders() - Method in class org.springframework.security.oauth2.jwt.Jwt

Returns the JOSE header(s).

getHeaderValue() - Method in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive

getHeaderValue() - Method in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive

getHeaderValues(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest

getHeaderValues(String) - Method in interface org.springframework.security.web.savedrequest.SavedRequest

getHeaderValues(String) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest

getHighCardinalityKeyValues(AuthorizationObservationContext<?>) - Method in class org.springframework.security.authorization.AuthorizationObservationConvention

getHomePhone() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson

getHomePostalAddress() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson

getHttpRequest() - Method in class org.springframework.security.web.FilterInvocation

getHttpResponse() - Method in class org.springframework.security.web.FilterInvocation

getHttpStatus() - Method in class org.springframework.security.oauth2.server.resource.BearerTokenError

Return the HTTP status.

getId() - Method in class org.springframework.security.acls.domain.AccessControlEntryImpl

getId() - Method in class org.springframework.security.acls.domain.AclImpl

getId() - Method in interface org.springframework.security.acls.model.AccessControlEntry

Obtains an identifier that represents this ACE.

getId() - Method in interface org.springframework.security.acls.model.MutableAcl

Obtains an identifier that represents this MutableAcl.

getId() - Method in class org.springframework.security.core.session.SessionDestroyedEvent

getId() - Method in interface org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimAccessor

Returns the JWT ID (jti) claim which provides a unique identifier for the JWT.

getId() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor

Returns the identifier (jti) for the token

getId() - Method in interface org.springframework.security.oauth2.jwt.JwtClaimAccessor

Returns the JWT ID (jti) claim which provides a unique identifier for the JWT.

getId() - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest

The unique identifier for this Authentication Request

getId() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest

The unique identifier for this Logout Request

getId() - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag

getId() - Method in class org.springframework.security.web.session.HttpSessionDestroyedEvent

getId() - Method in class org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity

getId() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredential

The id attribute is inherited from Credential, though PublicKeyCredential overrides Credential's getter, instead returning the base64url encoding of the data contained in the object's [[identifier]] internal slot.

getId() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialDescriptor

The id property contains the credential ID of the public key credential the caller is referring to.

getId() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRpEntity

The id property is a unique identifier for the Relying Party entity, which sets the RP ID.

getId() - Method in interface org.springframework.security.web.webauthn.api.PublicKeyCredentialUserEntity

The id is the user handle of the user account.

getID() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyControl

Returns the OID of the Password Policy Control ("1.3.6.1.4.1.42.2.27.8.5.1").

getIdentifier() - Method in class org.springframework.security.acls.domain.ObjectIdentityImpl

getIdentifier() - Method in interface org.springframework.security.acls.model.ObjectIdentity

Obtains the actual identifier.

getIdToken() - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest

Returns the ID Token containing claims about the user.

getIdToken() - Method in class org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser

getIdToken() - Method in interface org.springframework.security.oauth2.core.oidc.user.OidcUser

Returns the ID Token containing claims about the user.

getIdToken() - Method in class org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority

Returns the ID Token containing claims about the user.

getInitializeCount() - Static method in class org.springframework.security.core.context.SecurityContextHolder

Primarily for troubleshooting purposes, this method shows how many times the class has re-initialized its SecurityContextHolderStrategy.

getInitials() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson

getInput() - Method in interface org.springframework.security.web.webauthn.api.AuthenticationExtensionsClientInput

Gets the client extension.

getInput() - Method in class org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput

getInput() - Method in class org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientInput

getInputs() - Method in interface org.springframework.security.web.webauthn.api.AuthenticationExtensionsClientInputs

Gets all of the AuthenticationExtensionsClientInput.

getInputs() - Method in class org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientInputs

getInputStream() - Method in class org.springframework.security.util.InMemoryResource

getInsecureKeyword() - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor

getInstance() - Static method in class org.springframework.security.crypto.password.NoOpPasswordEncoder

Deprecated.

Get the singleton NoOpPasswordEncoder.

getInstance() - Static method in class org.springframework.security.web.server.context.NoOpServerSecurityContextRepository

getInstance() - Static method in class org.springframework.security.web.server.savedrequest.NoOpServerRequestCache

getInternalMethod() - Method in class org.springframework.security.acls.AclEntryVoter

Optionally specifies a method of the domain object that will be used to obtain a contained domain object.

getInterval() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse

Returns the minimum amount of time (in seconds) that the client should wait between polling requests to the token endpoint.

getIntrospector() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec

getIssuedAt() - Method in interface org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimAccessor

Returns the time at which the ID Token was issued (iat).

getIssuedAt() - Method in class org.springframework.security.oauth2.core.AbstractOAuth2Token

Returns the time at which the token was issued.

getIssuedAt() - Method in interface org.springframework.security.oauth2.core.OAuth2Token

Returns the time at which the token was issued.

getIssuedAt() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor

Returns a timestamp (iat) indicating when the token was issued

getIssuedAt() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor

Returns the time at which the ID Token was issued (iat).

getIssuedAt() - Method in interface org.springframework.security.oauth2.jwt.JwtClaimAccessor

Returns the Issued at (iat) claim which identifies the time at which the JWT was issued.

getIssuer() - Method in interface org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimAccessor

Returns the Issuer identifier (iss).

getIssuer() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor

Returns the issuer (iss) of the token

getIssuer() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor

Returns the Issuer identifier (iss).

getIssuer() - Method in interface org.springframework.security.oauth2.jwt.JwtClaimAccessor

Returns the Issuer (iss) claim which identifies the principal that issued the JWT.

getIssuerUri() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails

Returns the issuer identifier uri for the OpenID Connect 1.0 provider or the OAuth 2.0 Authorization Server.

getJceName() - Method in enum class org.springframework.security.crypto.encrypt.RsaAlgorithm

getJwk() - Method in class org.springframework.security.oauth2.jwt.JwsHeader

Returns the JSON Web Key which is the public key that corresponds to the key used to digitally sign the JWS or encrypt the JWE.

getJwkSetUri() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails

Returns the uri for the JSON Web Key (JWK) Set endpoint.

getJwkSetUrl() - Method in class org.springframework.security.oauth2.jwt.JwsHeader

Returns the JWK Set URL that refers to the resource of a set of JSON-encoded public keys, one of which corresponds to the key used to digitally sign the JWS or encrypt the JWE.

getJwsHeader() - Method in class org.springframework.security.oauth2.jwt.JwtEncoderParameters

Returns the JWS headers.

getJwt() - Method in class org.springframework.security.oauth2.client.endpoint.JwtBearerGrantRequest

Returns the JWT assertion.

getJwtAuthenticationConverter() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec

getJwtDecoder() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec

getKey() - Method in class org.springframework.security.access.intercept.RunAsImplAuthenticationProvider

Deprecated.

getKey() - Method in class org.springframework.security.access.intercept.RunAsManagerImpl

Deprecated.

getKey() - Method in class org.springframework.security.authentication.AnonymousAuthenticationProvider

getKey() - Method in class org.springframework.security.authentication.RememberMeAuthenticationProvider

getKey() - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider

getKey() - Method in class org.springframework.security.core.token.DefaultToken

getKey() - Method in interface org.springframework.security.core.token.Token

Obtains the randomised, secure key assigned to this token.

getKey() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

getKey() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint

getKeyCreationTime() - Method in class org.springframework.security.core.token.DefaultToken

getKeyCreationTime() - Method in interface org.springframework.security.core.token.Token

The time the token key was initially created is available from this method.

getKeyHash() - Method in class org.springframework.security.access.intercept.RunAsUserToken

Deprecated.

getKeyHash() - Method in class org.springframework.security.authentication.AnonymousAuthenticationToken

getKeyHash() - Method in class org.springframework.security.authentication.RememberMeAuthenticationToken

getKeyHash() - Method in class org.springframework.security.cas.authentication.CasAuthenticationToken

getKeyId() - Method in class org.springframework.security.oauth2.jwt.JwsHeader

Returns the key ID that is a hint indicating which key was used to secure the JWS or JWE.

getKeyLength() - Method in interface org.springframework.security.crypto.keygen.BytesKeyGenerator

Get the length, in bytes, of keys created by this generator.

getKeyPair(String) - Method in class org.springframework.security.crypto.encrypt.KeyStoreKeyFactory

getKeyPair(String, char[]) - Method in class org.springframework.security.crypto.encrypt.KeyStoreKeyFactory

getLabel() - Method in interface org.springframework.security.web.webauthn.api.CredentialRecord

A human-readable label for this CredentialRecord assigned by the user.

getLabel() - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord

getLabel() - Method in class org.springframework.security.web.webauthn.management.RelyingPartyPublicKey

getLastAccessTime() - Method in class org.springframework.security.core.session.ReactiveSessionInformation

getLastRequest() - Method in class org.springframework.security.core.session.SessionInformation

getLastUsed() - Method in interface org.springframework.security.web.webauthn.api.CredentialRecord

The last time this CredentialRecord was used.

getLastUsed() - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord

getLdapTemplate() - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator

Returns the current LDAP template.

getLocale() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor

Returns the user's locale (locale).

getLocales() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest

getLocales() - Method in interface org.springframework.security.web.savedrequest.SavedRequest

getLocales() - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest

getLocality() - Method in interface org.springframework.security.oauth2.core.oidc.AddressStandardClaim

Returns the city or locality.

getLocality() - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim

getLocalPort() - Method in class org.springframework.security.ldap.server.ApacheDSContainer

Deprecated.

Returns the port that is resolved by TcpTransport.

getLocation() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest

Get the location of the asserting party's SingleLogoutService

getLoginConfig() - Method in class org.springframework.security.authentication.jaas.JaasAuthenticationProvider

getLoginContext() - Method in class org.springframework.security.authentication.jaas.JaasAuthenticationToken

getLoginFormUrl() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint

getLoginPage() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Gets the login page

getLoginPageUrl() - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

getLoginProcessingUrl() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Gets the URL to submit an authentication request to (i.e.

getLoginUrl() - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint

The enterprise-wide CAS login URL.

getLogoutHandlers() - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

Gets the LogoutHandler instances that will be used.

getLogoutRequest() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidatorParameters

The SAML 2.0 Logout Request sent by the asserting party

getLogoutRequest() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponseValidatorParameters

The SAML 2.0 Logout Request sent by this application

getLogoutResponse() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponseValidatorParameters

The SAML 2.0 Logout Response received from the asserting party

getLogoutSuccessHandler() - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

Gets the LogoutSuccessHandler if not null, otherwise creates a new SimpleUrlLogoutSuccessHandler using the LogoutConfigurer.logoutSuccessUrl(String).

getLowCardinalityKeyValues(AuthenticationObservationContext) - Method in class org.springframework.security.authentication.AuthenticationObservationConvention

getLowCardinalityKeyValues(AuthorizationObservationContext<?>) - Method in class org.springframework.security.authorization.AuthorizationObservationConvention

getMail() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson

getMappableAttributes() - Method in class org.springframework.security.core.authority.mapping.MapBasedAttributes2GrantedAuthoritiesMapper

getMappableAttributes() - Method in interface org.springframework.security.core.authority.mapping.MappableAttributesRetriever

Implementations of this method should return a set of all string attributes which can be mapped to GrantedAuthoritys.

getMappableAttributes() - Method in class org.springframework.security.core.authority.mapping.SimpleMappableAttributesRetriever

getMappableAttributes() - Method in class org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever

getMappedPort(Integer) - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint

getMappedPort(Integer) - Method in class org.springframework.security.web.access.channel.RetryWithHttpEntryPoint

getMappedPort(Integer) - Method in class org.springframework.security.web.access.channel.RetryWithHttpsEntryPoint

getMask() - Method in class org.springframework.security.acls.domain.AbstractPermission

getMask() - Method in interface org.springframework.security.acls.model.Permission

Returns the bits that represents the permission.

getMatcher() - Method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcherEntry

getMatcher() - Method in class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry

getMatcher() - Method in class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint.DelegateEntry

getMatcher() - Method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcherEntry

getMatchers() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl

getMatchers() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl

Deprecated.

getMatchers() - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl

Deprecated.

getMatchingRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.CookieRequestCache

getMatchingRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache

getMatchingRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.NullRequestCache

getMatchingRequest(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.savedrequest.RequestCache

Returns a wrapper around the saved request, if it matches the current request.

getMaxAge() - Method in class org.springframework.security.web.savedrequest.SavedCookie

getMaximumSessionsAllowed() - Method in class org.springframework.security.web.server.authentication.MaximumSessionsContext

getMaximumSessionsForThisUser(Authentication) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy

Method intended for use by subclasses to override the maximum number of sessions that are permitted for a particular authentication.

getMaxLength() - Method in enum class org.springframework.security.crypto.encrypt.RsaAlgorithm

getMessage() - Method in class org.springframework.security.messaging.access.intercept.MessageAuthorizationContext

Returns the HttpServletRequest.

getMessageMatchers() - Method in class org.springframework.security.messaging.util.matcher.AbstractMessageMatcherComposite

getMessages() - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl

getMessageTypeMatcher() - Method in class org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher

getMetadata() - Method in class org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResponse

getMetadataMimeType() - Method in interface org.springframework.security.rsocket.api.PayloadExchange

getMetadataMimeType() - Method in class org.springframework.security.rsocket.core.DefaultPayloadExchange

getMethod() - Method in class org.springframework.security.access.intercept.aspectj.MethodInvocationAdapter

Deprecated.

getMethod() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag

getMethod() - Method in class org.springframework.security.util.SimpleMethodInvocation

getMethod() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest

getMethod() - Method in interface org.springframework.security.web.savedrequest.SavedRequest

getMethod() - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest

getMethodInvocation() - Method in class org.springframework.security.authorization.method.MethodInvocationResult

Return the already-invoked MethodInvocation

getMethodMapSize() - Method in class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource

Deprecated.

getMethodSecurityMetadataSources() - Method in class org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource

Deprecated.

getMiddleName() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor

Returns the user's middle name(s) (middle_name).

getMobile() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson

getModules(ClassLoader) - Static method in class org.springframework.security.jackson2.SecurityJackson2Modules

getName() - Method in class org.springframework.security.authentication.AbstractAuthenticationToken

getName() - Method in class org.springframework.security.authentication.AuthenticationObservationConvention

getName() - Method in class org.springframework.security.authorization.AuthorizationObservationConvention

getName() - Method in interface org.springframework.security.core.AuthenticatedPrincipal

Returns the name of the authenticated Principal.

getName() - Method in class org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal

getName() - Method in class org.springframework.security.oauth2.core.user.DefaultOAuth2User

getName() - Method in interface org.springframework.security.oauth2.jose.JwaAlgorithm

Returns the algorithm name.

getName() - Method in enum class org.springframework.security.oauth2.jose.jws.MacAlgorithm

Returns the algorithm name.

getName() - Method in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm

Returns the algorithm name.

getName() - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken

The principal name which is, by default, the Jwt's subject

getName() - Method in class org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal

getName() - Method in class org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal

getName() - Method in class org.springframework.security.web.header.Header

Gets the name of the header.

getName() - Method in class org.springframework.security.web.savedrequest.SavedCookie

getName() - Method in class org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity

getName() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRpEntity

The name property is a human-palatable name for the entity.

getName() - Method in interface org.springframework.security.web.webauthn.api.PublicKeyCredentialUserEntity

The name property is a human-palatable identifier for a user account.

getName() - Method in class org.springframework.security.web.webauthn.authentication.WebAuthnAuthentication

getNameIdFormat() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration

Get the NameID format.

getNewContext() - Method in class org.springframework.security.core.context.SecurityContextChangedEvent

Get the SecurityContext set on the SecurityContextHolder as of this event

getNewSessionId() - Method in class org.springframework.security.core.session.SessionIdChangedEvent

Returns the new session ID.

getNewSessionId() - Method in class org.springframework.security.web.authentication.session.SessionFixationProtectionEvent

Getter for the session ID after it was changed.

getNewSessionId() - Method in class org.springframework.security.web.session.HttpSessionIdChangedEvent

getNickName() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor

Returns the user's nick name (nickname) that may or may not be the same as the (given_name).

getNonce() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor

Returns a String value (nonce) used to associate a Client session with an ID Token, and to mitigate replay attacks.

getNonceValiditySeconds() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint

getNotBefore() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor

Returns a timestamp (nbf) indicating when the token is not to be used before

getNotBefore() - Method in interface org.springframework.security.oauth2.jwt.JwtClaimAccessor

Returns the Not Before (nbf) claim which identifies the time before which the JWT MUST NOT be accepted for processing.

getO() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson

getObject() - Method in class org.springframework.security.authorization.AuthorizationObservationContext

Get the object for which access was requested

getObject() - Method in class org.springframework.security.authorization.event.AuthorizationDeniedEvent

Get the object to which access was requested

getObject() - Method in class org.springframework.security.authorization.event.AuthorizationEvent

Get the object to which access was requested

getObject() - Method in class org.springframework.security.authorization.event.AuthorizationGrantedEvent

Get the object to which access was requested

getObject() - Method in class org.springframework.security.config.annotation.AbstractSecurityBuilder

Gets the object that was built.

getObject() - Method in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean

getObject() - Method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean

getObject() - Method in class org.springframework.security.config.core.userdetails.UserDetailsMapFactoryBean

getObject() - Method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean

getObject() - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ChildAuthenticationManagerFactoryBean

getObject() - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.FilterChainDecoratorFactory

getObject() - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean

getObject() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor

getObject() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.MethodSecurityExpressionHandlerBean

getObject() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor

getObject() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor

getObject() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.SecuredAuthorizationMethodInterceptor

getObject() - Method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean

getObject() - Method in class org.springframework.security.core.token.SecureRandomFactoryBean

getObjectIdentity() - Method in class org.springframework.security.acls.domain.AclImpl

getObjectIdentity() - Method in interface org.springframework.security.acls.model.Acl

Obtains the domain object this Acl provides entries for.

getObjectIdentity(Object) - Method in class org.springframework.security.acls.domain.ObjectIdentityRetrievalStrategyImpl

getObjectIdentity(Object) - Method in interface org.springframework.security.acls.model.ObjectIdentityRetrievalStrategy

getObjectType() - Method in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean

getObjectType() - Method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean

getObjectType() - Method in class org.springframework.security.config.core.userdetails.UserDetailsMapFactoryBean

getObjectType() - Method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean

getObjectType() - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ChildAuthenticationManagerFactoryBean

getObjectType() - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.FilterChainDecoratorFactory

getObjectType() - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean

getObjectType() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor

getObjectType() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.MethodSecurityExpressionHandlerBean

getObjectType() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor

getObjectType() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor

getObjectType() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.SecuredAuthorizationMethodInterceptor

getObjectType() - Method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean

getObjectType() - Method in class org.springframework.security.core.token.SecureRandomFactoryBean

getOldContext() - Method in class org.springframework.security.core.context.SecurityContextChangedEvent

Get the SecurityContext set on the SecurityContextHolder immediately previous to this event

getOldSessionId() - Method in class org.springframework.security.core.session.SessionIdChangedEvent

Returns the old session ID.

getOldSessionId() - Method in class org.springframework.security.web.authentication.session.SessionFixationProtectionEvent

Getter for the session ID before it was changed.

getOldSessionId() - Method in class org.springframework.security.web.session.HttpSessionIdChangedEvent

getOrBuild() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Similar to AbstractSecurityBuilder.build() and AbstractSecurityBuilder.getObject() but checks the state to determine if AbstractSecurityBuilder.build() needs to be called first.

getOrder() - Method in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder

getOrder() - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor

getOrder() - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterReactiveMethodInterceptor

getOrder() - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor

getOrder() - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeReactiveMethodInterceptor

getOrder() - Method in class org.springframework.security.authorization.method.AuthorizeReturnObjectMethodInterceptor

getOrder() - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor

getOrder() - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationReactiveMethodInterceptor

getOrder() - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor

getOrder() - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor

getOrder() - Method in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder

getOrder() - Method in class org.springframework.security.config.ldap.ContextSourceSettingPostProcessor

getOrder() - Method in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder

getOrder() - Method in class org.springframework.security.rsocket.authentication.AnonymousPayloadInterceptor

getOrder() - Method in class org.springframework.security.rsocket.authentication.AuthenticationPayloadInterceptor

getOrder() - Method in class org.springframework.security.rsocket.authorization.AuthorizationPayloadInterceptor

getOrder() - Method in class org.springframework.security.test.context.support.ReactorContextTestExecutionListener

Returns 11000.

getOrder() - Method in class org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener

Returns 10000.

getOrder() - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider

getOrder() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint

getOriginalAuthentication() - Method in class org.springframework.security.access.intercept.RunAsUserToken

Deprecated.

getOu() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson

getOutput() - Method in interface org.springframework.security.web.webauthn.api.AuthenticationExtensionsClientOutput

The client extension output.

getOutput() - Method in class org.springframework.security.web.webauthn.api.CredentialPropertiesOutput

getOutputs() - Method in interface org.springframework.security.web.webauthn.api.AuthenticationExtensionsClientOutputs

Gets all of the AuthenticationExtensionsClientOutput.

getOutputs() - Method in class org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientOutputs

getOutputStream() - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper

Makes sure OnCommittedResponseWrapper.onResponseCommitted() is invoked before calling the calling getOutputStream().close() or getOutputStream().flush()

getOwner() - Method in class org.springframework.security.acls.domain.AclImpl

getOwner() - Method in interface org.springframework.security.acls.model.Acl

Determines the owner of the Acl.

getParameter() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

getParameter(String) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest

Get the name parameters, a short-hand for getParameters().get(name) Useful when specifying additional query parameters for the Logout Request

getParameter(String) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse

Get the name parameter, a short-hand for getParameters().get(name) Useful when specifying additional query parameters for the Logout Response

getParameterMap() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest

getParameterMap() - Method in interface org.springframework.security.web.savedrequest.SavedRequest

getParameterMap() - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest

getParameterName() - Method in interface org.springframework.security.web.csrf.CsrfToken

Gets the HTTP parameter name that should contain the token.

getParameterName() - Method in class org.springframework.security.web.csrf.DefaultCsrfToken

getParameterName() - Method in interface org.springframework.security.web.server.csrf.CsrfToken

Gets the HTTP parameter name that should contain the token.

getParameterName() - Method in class org.springframework.security.web.server.csrf.DefaultCsrfToken

getParameterNameDiscoverer() - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler

getParameterNames() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest

getParameterNames(Constructor<?>) - Method in class org.springframework.security.core.parameters.AnnotationParameterNameDiscoverer

getParameterNames(Method) - Method in class org.springframework.security.core.parameters.AnnotationParameterNameDiscoverer

getParameters() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest

Get all parameters Useful when specifying additional query parameters for the Logout Request

getParameters() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse

Get all parameters Useful when specifying additional query parameters for the Logout Response

getParameterSpec(byte[]) - Method in enum class org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm

getParametersQuery() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest

Get an encoded query string of all parameters.

getParametersQuery() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse

Get an encoded query string of all parameters.

getParameterValues(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest

getParameterValues(String) - Method in interface org.springframework.security.web.savedrequest.SavedRequest

getParameterValues(String) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest

getParent() - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag

getParentAcl() - Method in class org.springframework.security.acls.domain.AclImpl

getParentAcl() - Method in interface org.springframework.security.acls.model.Acl

A domain object may have a parent for the purpose of ACL inheritance.

getPassword() - Method in class org.springframework.security.core.userdetails.memory.UserAttribute

getPassword() - Method in class org.springframework.security.core.userdetails.User

getPassword() - Method in interface org.springframework.security.core.userdetails.UserDetails

Returns the password used to authenticate the user.

getPassword() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl

getPassword() - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequest

Deprecated.

Returns the resource owner's password.

getPassword() - Method in class org.springframework.security.rsocket.metadata.UsernamePasswordMetadata

getPasswordEncoder() - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider

getPasswordEncoder() - Method in class org.springframework.security.config.authentication.PasswordEncoderParser

getPasswordParameter() - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

getPath() - Method in class org.springframework.security.web.savedrequest.SavedCookie

getPathInfo() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest

getPathPatternParser() - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry

getPathPatternParser() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec

getPattern() - Method in class org.springframework.security.acls.domain.AbstractPermission

getPattern() - Method in class org.springframework.security.acls.domain.CumulativePermission

getPattern() - Method in interface org.springframework.security.acls.model.Permission

Returns a 32-character long bit pattern String representing this permission.

getPattern() - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher

getPayload() - Method in interface org.springframework.security.rsocket.api.PayloadExchange

getPayload() - Method in class org.springframework.security.rsocket.core.DefaultPayloadExchange

getPermission() - Method in class org.springframework.security.acls.domain.AccessControlEntryImpl

getPermission() - Method in interface org.springframework.security.acls.model.AccessControlEntry

getPermissionEvaluator() - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler

getPhoneNumber() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor

Returns the user's preferred phone number (phone_number).

getPhoneNumberVerified() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor

Returns true if the user's phone number has been verified (phone_number_verified), otherwise false.

getPicture() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor

Returns the URL of the user's profile picture (picture).

getPointcut() - Method in class org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor

Deprecated.

getPointcut() - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor

getPointcut() - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterReactiveMethodInterceptor

getPointcut() - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor

getPointcut() - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeReactiveMethodInterceptor

getPointcut() - Method in class org.springframework.security.authorization.method.AuthorizeReturnObjectMethodInterceptor

getPointcut() - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor

getPointcut() - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationReactiveMethodInterceptor

getPointcut() - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor

getPointcut() - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor

getPolicy() - Method in enum class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy

getPolicy() - Method in enum class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy

getPolicy() - Method in enum class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy

getPolicy() - Method in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy

getPolicy() - Method in enum class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy

getPolicy() - Method in enum class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy

getPolicy() - Method in enum class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy

getPolicy() - Method in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy

getPort() - Method in class org.springframework.security.ldap.server.ApacheDSContainer

Deprecated.

getPort() - Method in interface org.springframework.security.ldap.server.EmbeddedLdapServerContainer

Returns the embedded LDAP server port.

getPort() - Method in class org.springframework.security.ldap.server.UnboundIdContainer

getPortMapper() - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint

getPortMapper() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint

getPortMapper() - Method in class org.springframework.security.web.PortResolverImpl

getPortResolver() - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint

getPortResolver() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint

getPostalAddress() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson

getPostalCode() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson

getPostalCode() - Method in interface org.springframework.security.oauth2.core.oidc.AddressStandardClaim

Returns the zip code or postal code.

getPostalCode() - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim

getPostAuthenticationChecks() - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

getPreAuthenticatedCredentials(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter

Override to extract the credentials (if applicable) from the current request.

getPreAuthenticatedCredentials(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter

For J2EE container-based authentication there is no generic way to retrieve the credentials, as such this method returns a fixed dummy value.

getPreAuthenticatedCredentials(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter

Credentials aren't usually applicable, but if a credentialsEnvironmentVariable is set, this will be read and used as the credentials value.

getPreAuthenticatedCredentials(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter

Credentials aren't usually applicable, but if a credentialsRequestHeader is set, this will be read and used as the credentials value.

getPreAuthenticatedCredentials(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedProcessingFilter

For J2EE container-based authentication there is no generic way to retrieve the credentials, as such this method returns a fixed dummy value.

getPreAuthenticatedCredentials(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter

getPreAuthenticatedPrincipal(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter

Override to extract the principal information from the current request

getPreAuthenticatedPrincipal(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter

Return the J2EE user name.

getPreAuthenticatedPrincipal(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter

Read and returns the variable named by principalEnvironmentVariable from the request.

getPreAuthenticatedPrincipal(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter

Read and returns the header named by principalRequestHeader from the request.

getPreAuthenticatedPrincipal(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedProcessingFilter

Return the WebSphere user name.

getPreAuthenticatedPrincipal(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter

getPreAuthenticationChecks() - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

getPreferredUsername() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor

Returns the preferred username (preferred_username) that the user wishes to be referred to.

getPrincipal() - Method in class org.springframework.security.access.expression.SecurityExpressionRoot

Convenience method to access Authentication.getPrincipal() from SecurityExpressionRoot.getAuthentication()

getPrincipal() - Method in class org.springframework.security.access.intercept.RunAsUserToken

Deprecated.

getPrincipal() - Method in class org.springframework.security.acls.domain.PrincipalSid

getPrincipal() - Method in class org.springframework.security.authentication.AnonymousAuthenticationToken

getPrincipal() - Method in class org.springframework.security.authentication.jaas.JaasGrantedAuthority

getPrincipal() - Method in class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken

getPrincipal() - Method in class org.springframework.security.authentication.RememberMeAuthenticationToken

getPrincipal() - Method in class org.springframework.security.authentication.TestingAuthenticationToken

getPrincipal() - Method in class org.springframework.security.authentication.UsernamePasswordAuthenticationToken

getPrincipal() - Method in class org.springframework.security.cas.authentication.CasAssertionAuthenticationToken

getPrincipal() - Method in class org.springframework.security.cas.authentication.CasAuthenticationToken

getPrincipal() - Method in class org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken

getPrincipal() - Method in interface org.springframework.security.core.Authentication

The identity of the principal being authenticated.

getPrincipal() - Method in class org.springframework.security.core.session.ReactiveSessionInformation

getPrincipal() - Method in class org.springframework.security.core.session.SessionInformation

getPrincipal() - Method in class org.springframework.security.ldap.authentication.SpringSecurityAuthenticationSource

Get the principals of the logged in user, in this case the distinguished name.

getPrincipal() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken

getPrincipal() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken

getPrincipal() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken

getPrincipal() - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder

Returns the End-User Authentication (Resource Owner).

getPrincipal() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext

Returns the Principal (to be) associated to the authorized client.

getPrincipal() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest

Returns the Principal (to be) associated to the authorized client.

getPrincipal() - Method in class org.springframework.security.oauth2.client.oidc.session.OidcSessionInformation

getPrincipal() - Method in class org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken

getPrincipal() - Method in class org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken

getPrincipal() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2Authentication

getPrincipal() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken

Always returns null.

getPrincipal() - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter

getPrincipal() - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken

Get the principal

getPrincipal() - Method in class org.springframework.security.web.server.context.SecurityContextServerWebExchange

getPrincipal() - Method in class org.springframework.security.web.webauthn.authentication.WebAuthnAuthentication

getPrincipal() - Method in class org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationRequestToken

getPrincipalName() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClient

Returns the End-User's Principal name.

getPrincipalName() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientId

Returns the name of the End-User Principal (Resource Owner).

getPrincipalName() - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder

getPrivateKey() - Method in class org.springframework.security.saml2.core.Saml2X509Credential

Get the private key for this credential

getPrivilegeEvaluator() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity

Gets the WebInvocationPrivilegeEvaluator to be used.

getProcessConfigAttribute() - Method in class org.springframework.security.acls.AclEntryVoter

getProcessDomainObjectClass() - Method in class org.springframework.security.access.vote.AbstractAclVoter

Deprecated.

getProcessDomainObjectClass() - Method in class org.springframework.security.acls.afterinvocation.AbstractAclProvider

getProfile() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor

Returns the URL of the user's profile page (profile).

getProtectedFieldValue(String, Object) - Static method in class org.springframework.security.util.FieldUtils

getProviderDetails() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration

Returns the details of the provider.

getProviders() - Method in class org.springframework.security.access.intercept.AfterInvocationProviderManager

Deprecated.

getProviders() - Method in class org.springframework.security.authentication.ProviderManager

getPubKeyCredParams() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions

The publicKeyCredParams params lisst the key types and signature algorithms the Relying Party Supports, ordered from most preferred to least preferred.

getPublicKey() - Method in interface org.springframework.security.crypto.encrypt.RsaKeyHolder

getPublicKey() - Method in class org.springframework.security.crypto.encrypt.RsaRawEncryptor

getPublicKey() - Method in class org.springframework.security.crypto.encrypt.RsaSecretEncryptor

getPublicKey() - Method in interface org.springframework.security.web.webauthn.api.CredentialRecord

The publicKey

getPublicKey() - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord

getPublicKey() - Method in class org.springframework.security.web.webauthn.management.ImmutableRelyingPartyRegistrationRequest

getPublicKey() - Method in class org.springframework.security.web.webauthn.management.RelyingPartyAuthenticationRequest

Gets the public key.

getPublicKey() - Method in interface org.springframework.security.web.webauthn.management.RelyingPartyRegistrationRequest

getQueryString() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest

getRawId() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredential

The rawId returns the raw identifier.

getReachableGrantedAuthorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.access.hierarchicalroles.NullRoleHierarchy

getReachableGrantedAuthorities(Collection<? extends GrantedAuthority>) - Method in interface org.springframework.security.access.hierarchicalroles.RoleHierarchy

Returns an array of all reachable authorities.

getReachableGrantedAuthorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl

getRealmName() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint

getRealmName() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint

getRedirectStrategy() - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint

getRedirectStrategy() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler

getRedirectStrategy() - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler

getRedirectUri() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration

Returns the uri (or uri template) for the redirection endpoint.

getRedirectUri() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest

Returns the uri for the redirection endpoint.

getRedirectUri() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse

Returns the uri where the response was redirected to.

getRedirectUri(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.CookieServerRequestCache

getRedirectUri(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.NoOpServerRequestCache

getRedirectUri(ServerWebExchange) - Method in interface org.springframework.security.web.server.savedrequest.ServerRequestCache

Get the URI that can be redirected to trigger the saved request to be used

getRedirectUri(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache

getRedirectUrl() - Method in class org.springframework.security.web.authentication.HttpMessageConverterAuthenticationSuccessHandler.AuthenticationSuccess

getRedirectUrl() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest

Indicates the URL that the user agent used for this request.

getRedirectUrl() - Method in interface org.springframework.security.web.savedrequest.SavedRequest

getRedirectUrl() - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest

getRefreshToken() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken

Returns the refresh token.

getRefreshToken() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken

Returns the refresh token.

getRefreshToken() - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequest

Returns the refresh token credential granted.

getRefreshToken() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClient

Returns the refresh token credential granted.

getRefreshToken() - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder

getRefreshToken() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse

Returns the Refresh Token.

getRegion() - Method in interface org.springframework.security.oauth2.core.oidc.AddressStandardClaim

Returns the state, province, prefecture, or region.

getRegion() - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim

getRegistrationId() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration

Returns the identifier for the registration.

getRegistrationId() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration

Get the unique registration id for this RP/AP pair

getRegistry() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer

The AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry is what users will interact with after applying the AuthorizeHttpRequestsConfigurer.

getRegistry() - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer

getRegistry() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer

Deprecated.

getRegistry() - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer

Deprecated.

The StandardInterceptUrlRegistry is what users will interact with after applying the UrlAuthorizationConfigurer.

getRelativeName(String, Context) - Static method in class org.springframework.security.ldap.LdapUtils

Obtains the part of a DN relative to a supplied base context.

getRelayState() - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest

Returns the RelayState value, if present in the parameters

getRelayState() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest

The relay state associated with this Logout Request

getRelayState() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse

The relay state associated with this Logout Request

getRelyingPartyRegistration() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidatorParameters

The RelyingPartyRegistration representing this relying party

getRelyingPartyRegistration() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponseValidatorParameters

The RelyingPartyRegistration representing this relying party

getRelyingPartyRegistration() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken

Get the resolved RelyingPartyRegistration associated with the request

getRelyingPartyRegistrationId() - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest

The identifier for the RelyingPartyRegistration associated with this request

getRelyingPartyRegistrationId() - Method in class org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal

getRelyingPartyRegistrationId() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest

The identifier for the RelyingPartyRegistration associated with this Logout Request

getRelyingPartyRegistrationId() - Method in interface org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal

Get the RelyingPartyRegistration identifier

getRememberMeServices() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

getRememberMeServices() - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter

getRemoteAddress() - Method in class org.springframework.security.web.authentication.WebAuthenticationDetails

Indicates the TCP/IP address the authentication request was received from.

getRemoteUser() - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper

Returns the principal's name, as obtained from the SecurityContextHolder.

getRequest() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag

This method allows subclasses to provide a way to access the ServletRequest according to the rendering technology.

getRequest() - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag

getRequest() - Method in class org.springframework.security.web.access.intercept.RequestAuthorizationContext

Returns the HttpServletRequest.

getRequest() - Method in class org.springframework.security.web.context.HttpRequestResponseHolder

Deprecated.

getRequest() - Method in class org.springframework.security.web.FilterInvocation

getRequest() - Method in class org.springframework.security.web.session.SessionInformationExpiredEvent

getRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.CookieRequestCache

getRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache

getRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.NullRequestCache

getRequest(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.savedrequest.RequestCache

Returns the saved request, leaving it cached.

getRequestMatcher() - Method in class org.springframework.security.web.authentication.AuthenticationFilter

getRequestMatcher() - Method in class org.springframework.security.web.DefaultSecurityFilterChain

getRequestMatcher() - Method in class org.springframework.security.web.util.matcher.RequestMatcherEntry

getRequestOptions() - Method in class org.springframework.security.web.webauthn.management.RelyingPartyAuthenticationRequest

Ges the request options.

getRequestURI() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest

getRequestUrl() - Method in class org.springframework.security.web.FilterInvocation

Obtains the web application-specific fragment of the URL.

getRequestURL() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest

getResidentKey() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorSelectionCriteria

The residentKey specifies the extent to which the Relying Party desires to create a client-side discoverable credential.

getResponse() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag

This method allows subclasses to provide a way to access the ServletResponse according to the rendering technology.

getResponse() - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag

getResponse() - Method in class org.springframework.security.web.context.HttpRequestResponseHolder

Deprecated.

getResponse() - Method in class org.springframework.security.web.FilterInvocation

getResponse() - Method in class org.springframework.security.web.session.SessionInformationExpiredEvent

getResponse() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredential

The response to the client's request to either create a public key credential, or generate an authentication assertion.

getResponseLocation() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse

Get the response location of the asserting party's SingleLogoutService

getResponseType() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest

Returns the response type.

getResult() - Method in class org.springframework.security.authorization.method.MethodInvocationResult

Return the result of the already-invoked MethodInvocation

getReturnObject() - Method in interface org.springframework.security.access.expression.method.MethodSecurityExpressionOperations

getRoleHierarchy() - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler

getRolePrefix() - Method in class org.springframework.security.access.intercept.RunAsManagerImpl

Deprecated.

getRolePrefix() - Method in class org.springframework.security.access.vote.RoleVoter

Deprecated.

getRolePrefix() - Method in class org.springframework.security.config.core.GrantedAuthorityDefaults

The default prefix used with role based authorization.

getRolePrefix() - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl

getRolePrefix() - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator

Returns the role prefix used by this populator Method available so that classes extending this can override

getRoomNumber() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson

getRootObject() - Method in class org.springframework.security.data.repository.query.SecurityEvaluationContextExtension

getRp() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions

The rp property contains data about the Relying Party responsible for the request.

getRpId() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions

The rpId is an OPTIONAL member specifies the RP ID claimed by the Relying Party.

getRunAsManager() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor

Deprecated.

getSaml2Error() - Method in exception org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException

Get the associated Saml2Error

getSaml2Response() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2Authentication

Returns the SAML response object, as decoded XML.

getSaml2Response() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken

Returns inflated and decoded XML representation of the SAML 2 Response

getSamlRequest() - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest

Returns the AuthNRequest XML value to be sent.

getSamlRequest() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest

Get the signed and serialized <saml2:LogoutRequest> payload

getSamlResponse() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse

Get the signed and serialized <saml2:LogoutResponse> payload

getScheme() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest

getScope() - Method in class org.springframework.security.oauth2.server.resource.BearerTokenError

Return the scope.

getScopes() - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequest

Returns the scope(s) to request.

getScopes() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration

Returns the scope(s) used for the client.

getScopes() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest

Returns the scope(s).

getScopes() - Method in class org.springframework.security.oauth2.core.OAuth2AccessToken

Returns the scope(s) associated to the token.

getScopes() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor

Returns the scopes (scope) associated with the token

getSecuredUiPrefix() - Static method in class org.springframework.security.taglibs.TagLibConfig

getSecuredUiSuffix() - Static method in class org.springframework.security.taglibs.TagLibConfig

getSecureKeyword() - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor

getSecureObject() - Method in class org.springframework.security.access.intercept.InterceptorStatusToken

Deprecated.

getSecureObjectClass() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor

Deprecated.

Indicates the type of secure objects the subclass will be presenting to the abstract parent for processing.

getSecureObjectClass() - Method in class org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor

Deprecated.

getSecureObjectClass() - Method in class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor

Deprecated.

getSecureObjectClass() - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor

Deprecated.

getSecurityContext() - Method in class org.springframework.security.access.intercept.InterceptorStatusToken

Deprecated.

getSecurityContextHolderStrategy() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer

getSecurityContextRepository(HttpServletRequest) - Static method in class org.springframework.security.test.web.support.WebTestUtils

Gets the SecurityContextRepository for the specified HttpServletRequest.

getSecurityContexts() - Method in class org.springframework.security.core.session.SessionDestroyedEvent

Provides the SecurityContext instances which were associated with the destroyed session.

getSecurityContexts() - Method in class org.springframework.security.web.session.HttpSessionDestroyedEvent

getSecurityDispatcherTypes() - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer

Get the DispatcherType for the springSecurityFilterChain.

getSecurityMetadataSource() - Method in class org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor

Deprecated.

getSecurityMetadataSource() - Method in class org.springframework.security.web.access.channel.ChannelProcessingFilter

getSecurityMetadataSource() - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor

Deprecated.

getSeries() - Method in class org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken

getServerName() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest

getServerPort() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest

getServerPort(ServletRequest) - Method in interface org.springframework.security.web.PortResolver

Indicates the port the ServletRequest was received on.

getServerPort(ServletRequest) - Method in class org.springframework.security.web.PortResolverImpl

getService() - Method in class org.springframework.security.cas.ServiceProperties

Represents the service the user is authenticating to.

getService() - Method in class org.springframework.security.ldap.server.ApacheDSContainer

Deprecated.

getServiceParameter() - Method in class org.springframework.security.cas.ServiceProperties

Configures the Request parameter to look for when attempting to send a request to CAS.

getServiceProperties() - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint

getServiceUrl() - Method in interface org.springframework.security.cas.authentication.ServiceAuthenticationDetails

Gets the absolute service url (i.e.

getServiceUrl() - Method in interface org.springframework.security.cas.web.authentication.ServiceAuthenticationDetails

Deprecated.

Gets the absolute service url (i.e.

getServletContext() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag

This method allows subclasses to provide a way to access the ServletContext according to the rendering technology.

getServletContext() - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag

getServletPath() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest

getServletPath() - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher

getSession() - Method in class org.springframework.security.web.session.HttpSessionCreatedEvent

getSession() - Method in class org.springframework.security.web.session.HttpSessionDestroyedEvent

getSessionId() - Method in class org.springframework.security.core.session.ReactiveSessionInformation

getSessionId() - Method in class org.springframework.security.core.session.SessionInformation

getSessionId() - Method in interface org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimAccessor

Returns a String value (sid) representing the OIDC Provider session

getSessionId() - Method in class org.springframework.security.web.authentication.WebAuthenticationDetails

Indicates the HttpSession id the authentication request was received from.

getSessionIndexes() - Method in class org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal

getSessionIndexes() - Method in interface org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal

getSessionInformation() - Method in class org.springframework.security.web.session.SessionInformationExpiredEvent

getSessionInformation(String) - Method in class org.springframework.security.core.session.InMemoryReactiveSessionRegistry

getSessionInformation(String) - Method in interface org.springframework.security.core.session.ReactiveSessionRegistry

Gets the ReactiveSessionInformation for the specified session identifier.

getSessionInformation(String) - Method in interface org.springframework.security.core.session.SessionRegistry

Obtains the session information for the specified sessionId.

getSessionInformation(String) - Method in class org.springframework.security.core.session.SessionRegistryImpl

getSessions() - Method in class org.springframework.security.web.server.authentication.MaximumSessionsContext

getSessionTrackingModes() - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer

Determines how a session should be tracked.

getSharedInstance() - Static method in class org.springframework.security.oauth2.core.converter.ClaimConversionService

Returns a shared instance of ClaimConversionService.

getSharedObject(Class<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Gets a shared Object.

getSharedObject(Class<C>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder

Gets a shared Object.

getSharedObjects() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Gets the shared objects

getSid() - Method in class org.springframework.security.acls.domain.AccessControlEntryImpl

getSid() - Method in interface org.springframework.security.acls.model.AccessControlEntry

getSids(Authentication) - Method in class org.springframework.security.acls.domain.SidRetrievalStrategyImpl

getSids(Authentication) - Method in interface org.springframework.security.acls.model.SidRetrievalStrategy

getSigAlg() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest

Returns the SigAlg value for Saml2MessageBinding.REDIRECT requests

getSignature() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest

Returns the Signature value for Saml2MessageBinding.REDIRECT requests

getSignature() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse

The signature contains the raw signature returned from the authenticator.

getSignatureCount() - Method in interface org.springframework.security.web.webauthn.api.CredentialRecord

The authData.signCount

getSignatureCount() - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord

getSigningAlgorithms() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata

Get the list of org.opensaml.saml.ext.saml2alg.SigningMethod Algorithms for this asserting party, in preference order.

getSigningAlgorithms() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails

Get the list of org.opensaml.saml.ext.saml2alg.SigningMethod Algorithms for this asserting party, in preference order.

getSigningX509Credentials() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration

Get the Collection of signing Saml2X509Credentials associated with this relying party

getSingleLogoutServiceBinding() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata

Get the SingleLogoutService Binding

getSingleLogoutServiceBinding() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails

Get the SingleLogoutService Binding

getSingleLogoutServiceBinding() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration

Get the SingleLogoutService Binding

getSingleLogoutServiceBindings() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration

Get the SingleLogoutService Binding

getSingleLogoutServiceLocation() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata

Get the SingleLogoutService Location

getSingleLogoutServiceLocation() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails

Get the SingleLogoutService Location

getSingleLogoutServiceLocation() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration

Get the SingleLogoutService Location

getSingleLogoutServiceResponseLocation() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata

Get the SingleLogoutService Response Location

getSingleLogoutServiceResponseLocation() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails

Get the SingleLogoutService Response Location

getSingleLogoutServiceResponseLocation() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration

Get the SingleLogoutService Response Location

getSingleSignOnServiceBinding() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata

Get the SingleSignOnService Binding.

getSingleSignOnServiceBinding() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails

Get the SingleSignOnService Binding.

getSingleSignOnServiceLocation() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata

Get the SingleSignOnService Location.

getSingleSignOnServiceLocation() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails

Get the SingleSignOnService Location.

getSn() - Method in class org.springframework.security.ldap.userdetails.Person

getSource() - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority

Returns the original user associated with a successful user switch.

getSource(Element, ParserContext) - Method in class org.springframework.security.config.http.CorsBeanDefinitionParser

getState() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest

Returns the state.

getState() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse

Returns the state.

getStatelessTicketCache() - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider

getStaticPart() - Method in class org.springframework.security.access.intercept.aspectj.MethodInvocationAdapter

Deprecated.

getStaticPart() - Method in class org.springframework.security.util.SimpleMethodInvocation

getStatus() - Method in exception org.springframework.security.ldap.ppolicy.PasswordPolicyException

getStreet() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson

getStreetAddress() - Method in interface org.springframework.security.oauth2.core.oidc.AddressStandardClaim

Returns the full street address, which may include house number, street name, P.O.

getStreetAddress() - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim

getStringSeparator() - Method in class org.springframework.security.core.authority.mapping.MapBasedAttributes2GrantedAuthoritiesMapper

getSubject() - Method in interface org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimAccessor

Returns the Subject identifier (sub).

getSubject() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor

Returns usually a machine-readable identifier (sub) of the resource owner who authorized the token

getSubject() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor

Returns the Subject identifier (sub).

getSubject() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor

Returns the Subject identifier (sub).

getSubject() - Method in interface org.springframework.security.oauth2.jwt.JwtClaimAccessor

Returns the Subject (sub) claim which identifies the principal that is the subject of the JWT.

getSubjectToken() - Method in class org.springframework.security.oauth2.client.endpoint.TokenExchangeGrantRequest

Returns the subject token.

getSuccessHandler() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

getSuccessHandler() - Method in class org.springframework.security.web.authentication.AuthenticationFilter

getSupportedMediaTypes() - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter

getTargetUrlParameter() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler

getTargetUser() - Method in class org.springframework.security.web.authentication.switchuser.AuthenticationSwitchUserEvent

getTelephoneNumber() - Method in class org.springframework.security.ldap.userdetails.Person

getThis() - Method in interface org.springframework.security.access.expression.method.MethodSecurityExpressionOperations

getThis() - Method in class org.springframework.security.access.intercept.aspectj.MethodInvocationAdapter

Deprecated.

getThis() - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder

getThis() - Method in class org.springframework.security.util.SimpleMethodInvocation

getTicketValidator() - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider

getTimeBeforeExpiration() - Method in interface org.springframework.security.ldap.ppolicy.PasswordPolicyData

getTimeBeforeExpiration() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl

Returns the timeBeforeExpiration.

getTimeBeforeExpiration() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl

getTimeout() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions

The timeout property specifies a time, in milliseconds, that the Relying Party is willing to wait for the call to complete.

getTimeout() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions

The timeout property is an OPTIONAL member specifies a time, in milliseconds, that the Relying Party is willing to wait for the call to complete.

getTitle() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson

getToken() - Method in class org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken

Get the token bound to this Authentication.

getToken() - Method in class org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken

Get the Bearer Token

getToken() - Method in class org.springframework.security.rsocket.metadata.BearerTokenMetadata

getToken() - Method in interface org.springframework.security.web.csrf.CsrfToken

Gets the token value.

getToken() - Method in class org.springframework.security.web.csrf.DefaultCsrfToken

getToken() - Method in interface org.springframework.security.web.server.csrf.CsrfToken

Gets the token value.

getToken() - Method in class org.springframework.security.web.server.csrf.DefaultCsrfToken

getTokenAttributes() - Method in class org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken

Returns the attributes of the access token.

getTokenAttributes() - Method in class org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication

getTokenAttributes() - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken

getTokenForSeries(String) - Method in class org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl

getTokenForSeries(String) - Method in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl

Loads the token data for the supplied series identifier.

getTokenForSeries(String) - Method in interface org.springframework.security.web.authentication.rememberme.PersistentTokenRepository

getTokenResponse(JwtBearerGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultJwtBearerTokenResponseClient

Deprecated.

getTokenResponse(OAuth2AuthorizationCodeGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient

Deprecated.

getTokenResponse(OAuth2ClientCredentialsGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultClientCredentialsTokenResponseClient

Deprecated.

getTokenResponse(OAuth2PasswordGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultPasswordTokenResponseClient

Deprecated.

getTokenResponse(OAuth2RefreshTokenGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultRefreshTokenTokenResponseClient

Deprecated.

getTokenResponse(OAuth2RefreshTokenGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.RestClientRefreshTokenTokenResponseClient

getTokenResponse(OAuth2RefreshTokenGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.WebClientReactiveRefreshTokenTokenResponseClient

getTokenResponse(TokenExchangeGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultTokenExchangeTokenResponseClient

Deprecated.

getTokenResponse(T) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractRestClientOAuth2AccessTokenResponseClient

getTokenResponse(T) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractWebClientReactiveOAuth2AccessTokenResponseClient

getTokenResponse(T) - Method in interface org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient

Exchanges the authorization grant credential, provided in the authorization grant request, for an access token credential at the Authorization Server's Token Endpoint.

getTokenResponse(T) - Method in interface org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient

Exchanges the authorization grant credential, provided in the authorization grant request, for an access token credential at the Authorization Server's Token Endpoint.

getTokenType() - Method in class org.springframework.security.oauth2.core.OAuth2AccessToken

Returns the token type.

getTokenType() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor

Returns the type of the token (token_type), for example bearer.

getTokenUri() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails

Returns the uri for the token endpoint.

getTokenValiditySeconds() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

getTokenValue() - Method in class org.springframework.security.authentication.ott.DefaultOneTimeToken

getTokenValue() - Method in interface org.springframework.security.authentication.ott.OneTimeToken

getTokenValue() - Method in class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken

Returns the one-time token value

getTokenValue() - Method in class org.springframework.security.oauth2.core.AbstractOAuth2Token

Returns the token value.

getTokenValue() - Method in interface org.springframework.security.oauth2.core.OAuth2Token

Returns the token value.

getTokenValue() - Method in class org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken

getTranslatedPortMappings() - Method in class org.springframework.security.web.PortMapperImpl

Returns the translated (Integer -> Integer) version of the original port mapping specified via setHttpsPortMapping()

getTransports() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAttestationResponse

The transports returns the transports

getTransports() - Method in interface org.springframework.security.web.webauthn.api.CredentialRecord

The transpots is the value returned from response.getTransports().

getTransports() - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord

getTransports() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialDescriptor

The transports property is an OPTIONAL member that contains a hint as to how the client might communicate with the managing authenticator of the public key credential the caller is referring to.

getTrustResolver() - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler

getType() - Method in class org.springframework.security.acls.domain.ObjectIdentityImpl

getType() - Method in interface org.springframework.security.acls.model.ObjectIdentity

Obtains the "type" metadata for the domain object.

getType() - Method in class org.springframework.security.oauth2.jwt.JwsHeader

Returns the type header that declares the media type of the JWS/JWE.

getType() - Method in interface org.springframework.security.rsocket.api.PayloadExchange

getType() - Method in class org.springframework.security.rsocket.core.DefaultPayloadExchange

getType() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredential

The type attribute returns the value of the object's interface object's [[type]] slot, which specifies the credential type represented by this object.

getType() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialDescriptor

The type property contains the type of the public key credential the caller is referring to.

getType() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialParameters

The type property member specifies the type of credential to be created.

getUid() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson

getUpdatedAt() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor

Returns the time the user's information was last updated (updated_at).

getUri() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails.UserInfoEndpoint

Returns the uri for the user info endpoint.

getUri() - Method in class org.springframework.security.oauth2.core.OAuth2Error

Returns the error uri.

getUrl() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag

getUrl() - Method in class org.springframework.security.web.util.RedirectUrlBuilder

getUrn() - Method in enum class org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding

Returns the URN value from the SAML 2 specification for this binding.

getUser() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions

The user contains names and an identifier for the user account performing the registration.

getUserAttributes() - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator

getUserCache() - Method in class org.springframework.security.authentication.CachingUserDetailsService

getUserCache() - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

getUserCache() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter

getUserCode() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse

Returns the User Code.

getUserDetails() - Method in class org.springframework.security.cas.authentication.CasAuthenticationToken

getUserDetailsContextMapper() - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider

Provides access to the injected UserDetailsContextMapper strategy for use by subclasses.

getUserDetailsService() - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider

getUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer

getUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer

Gets the UserDetailsService that is used with the DaoAuthenticationProvider

getUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsAwareConfigurer

Gets the UserDetailsService or null if it is not available

getUserDetailsService() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

getUserDetailsService() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter

getUserDns(String) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator

Builds list of possible DNs for the user, worked out from the userDnPatterns property.

getUserEntityUserId() - Method in interface org.springframework.security.web.webauthn.api.CredentialRecord

A reference to the associated PublicKeyCredentialUserEntity.getId()

getUserEntityUserId() - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord

getUserFromCache(String) - Method in class org.springframework.security.core.userdetails.cache.NullUserCache

getUserFromCache(String) - Method in class org.springframework.security.core.userdetails.cache.SpringCacheBasedUserCache

getUserFromCache(String) - Method in interface org.springframework.security.core.userdetails.UserCache

Obtains a UserDetails from the cache.

getUserHandle() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse

The userHandle is the user handle which is returned from the authenticator, or null if the authenticator did not return a user handle.

getUserInfo() - Method in class org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser

getUserInfo() - Method in interface org.springframework.security.oauth2.core.oidc.user.OidcUser

Returns the UserInfo containing claims about the user.

getUserInfo() - Method in class org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority

Returns the UserInfo containing claims about the user, may be null.

getUserInfoEndpoint() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails

Returns the details of the UserInfo Endpoint.

getUsername() - Method in class org.springframework.security.authentication.ott.DefaultOneTimeToken

getUsername() - Method in class org.springframework.security.authentication.ott.GenerateOneTimeTokenRequest

getUsername() - Method in interface org.springframework.security.authentication.ott.OneTimeToken

getUsername() - Method in class org.springframework.security.core.userdetails.User

getUsername() - Method in interface org.springframework.security.core.userdetails.UserDetails

Returns the username used to authenticate the user.

getUsername() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl

getUsername() - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequest

Deprecated.

Returns the resource owner's username.

getUsername() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor

Returns a human-readable identifier (username) for the resource owner that authorized the token

getUsername() - Method in class org.springframework.security.rsocket.metadata.UsernamePasswordMetadata

getUsername() - Method in class org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken

getUsername(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter

Returns the name of the target user.

getUserNameAttributeName() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails.UserInfoEndpoint

Returns the attribute name used to access the user's name from the user info response.

getUserNameAttributeName() - Method in class org.springframework.security.oauth2.core.user.OAuth2UserAuthority

Returns the attribute name used to access the user's name from the attributes.

getUsernameParameter() - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

getUserPrincipal() - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper

Returns the Authentication (which is a subclass of Principal), or null if unavailable.

getUserRoles(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource

Obtains the list of user roles based on the current user's JEE roles.

getUsersByUsernameQuery() - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl

getUserSearch() - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator

getUserVerification() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorSelectionCriteria

The userVerification specifies the Relying Party's requirements regarding user verification for the create() operation.

getUserVerification() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions

The userVerification property is an OPTIONAL member specifies the Relying Party's requirements regarding user verification for the get() operation.

getValue() - Method in class org.springframework.security.oauth2.core.AuthenticationMethod

Returns the value of the authentication method type.

getValue() - Method in class org.springframework.security.oauth2.core.AuthorizationGrantType

Returns the value of the authorization grant type.

getValue() - Method in class org.springframework.security.oauth2.core.ClientAuthenticationMethod

Returns the value of the client authentication method.

getValue() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType

Returns the value of the authorization response type.

getValue() - Method in class org.springframework.security.oauth2.core.OAuth2AccessToken.TokenType

Returns the value of the token type.

getValue() - Method in class org.springframework.security.web.savedrequest.SavedCookie

getValue() - Method in class org.springframework.security.web.webauthn.api.AttestationConveyancePreference

Gets the String value of the preference.

getValue() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAttachment

Gets the value.

getValue() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorTransport

Get's the value.

getValue() - Method in class org.springframework.security.web.webauthn.api.COSEAlgorithmIdentifier

getValue() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialType

Gets the value.

getValue() - Method in class org.springframework.security.web.webauthn.api.ResidentKeyRequirement

Gets the value.

getValue() - Method in class org.springframework.security.web.webauthn.api.UserVerificationRequirement

Gets the value

getValues() - Method in class org.springframework.security.web.header.Header

Gets the values of the header.

getVar() - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag

getVariables() - Method in class org.springframework.security.messaging.access.intercept.MessageAuthorizationContext

Returns the extracted variable values where the key is the variable name and the value is the variable value.

getVariables() - Method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeAuthorizationContext

getVariables() - Method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcher.MatchResult

Gets potential variables and their values

getVariables() - Method in class org.springframework.security.web.access.intercept.RequestAuthorizationContext

Returns the extracted variable values where the key is the variable name and the value is the variable value.

getVariables() - Method in class org.springframework.security.web.server.authorization.AuthorizationContext

getVariables() - Method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult

Gets potential variables and their values

getVariables() - Method in class org.springframework.security.web.util.matcher.RequestMatcher.MatchResult

Returns the extracted variable values where the key is the variable name and the value is the variable value

getVerificationUri() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse

Returns the end-user verification URI.

getVerificationUriComplete() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse

Returns the end-user verification URI that includes the user code.

getVerificationX509Credentials() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata

Get all verification Saml2X509Credentials associated with this asserting party

getVerificationX509Credentials() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails

Get all verification Saml2X509Credentials associated with this asserting party

getVersion() - Static method in class org.springframework.security.core.SpringSecurityCoreVersion

getVersion() - Method in enum class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder.BCryptVersion

getVersion() - Method in class org.springframework.security.web.savedrequest.SavedCookie

Deprecated, for removal: This API element is subject to removal in a future version.

getWantAuthnRequestsSigned() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata

Get the WantAuthnRequestsSigned setting, indicating the asserting party's preference that relying parties should sign the AuthnRequest before sending.

getWantAuthnRequestsSigned() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails

Get the WantAuthnRequestsSigned setting, indicating the asserting party's preference that relying parties should sign the AuthnRequest before sending.

getWebAuthnRequest() - Method in class org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationRequestToken

Gets the RelyingPartyAuthenticationRequest

getWebFilters() - Method in class org.springframework.security.web.server.MatcherSecurityWebFilterChain

getWebFilters() - Method in interface org.springframework.security.web.server.SecurityWebFilterChain

The WebFilter to use

getWebSecurityConfigurers() - Method in class org.springframework.security.config.annotation.web.configuration.AutowiredWebSecurityConfigurersIgnoreParents

getWebsite() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor

Returns the URL of the user's web page or blog (website).

getWriter() - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper

Makes sure OnCommittedResponseWrapper.onResponseCommitted() is invoked before calling the getWriter().close() or getWriter().flush()

getX509CertificateChain() - Method in class org.springframework.security.oauth2.jwt.JwsHeader

Returns the X.509 certificate chain that contains the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign the JWS or encrypt the JWE.

getX509SHA1Thumbprint() - Method in class org.springframework.security.oauth2.jwt.JwsHeader

Returns the X.509 certificate SHA-1 thumbprint that is a base64url-encoded SHA-1 thumbprint (a.k.a.

getX509SHA256Thumbprint() - Method in class org.springframework.security.oauth2.jwt.JwsHeader

Returns the X.509 certificate SHA-256 thumbprint that is a base64url-encoded SHA-256 thumbprint (a.k.a.

getX509Url() - Method in class org.springframework.security.oauth2.jwt.JwsHeader

Returns the X.509 URL that refers to the resource for the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign the JWS or encrypt the JWE.

getZoneInfo() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor

Returns the user's time zone (zoneinfo).

GITHUB - Enum constant in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider

GIVEN_NAME - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames

given_name - the user's given name(s) or first name(s)

givenName(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder

Use this given name in the resulting OidcUserInfo

GLOBAL_METHOD_SECURITY - Static variable in class org.springframework.security.config.Elements

GlobalAuthenticationConfigurerAdapter - Class in org.springframework.security.config.annotation.authentication.configuration

A SecurityConfigurer that can be exposed as a bean to configure the global AuthenticationManagerBuilder.

GlobalAuthenticationConfigurerAdapter() - Constructor for class org.springframework.security.config.annotation.authentication.configuration.GlobalAuthenticationConfigurerAdapter

GlobalMethodSecurityBeanDefinitionParser - Class in org.springframework.security.config.method

Deprecated.

Use MethodSecurityBeanDefinitionParser instead

GlobalMethodSecurityBeanDefinitionParser() - Constructor for class org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser

Deprecated.

GlobalMethodSecurityConfiguration - Class in org.springframework.security.config.annotation.method.configuration

Deprecated.

Use PrePostMethodSecurityConfiguration, SecuredMethodSecurityConfiguration, or Jsr250MethodSecurityConfiguration instead

GlobalMethodSecurityConfiguration() - Constructor for class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

Deprecated.

gmtZone - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat

GMT time zone - all HTTP dates are on GMT

GOOGLE - Enum constant in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider

grant(Principal) - Method in interface org.springframework.security.authentication.jaas.AuthorityGranter

The grant method is called for each principal returned from the LoginContext subject.

GRANT_TYPE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

grant_type - used in Access Token Request.

GrantedAuthoritiesContainer - Interface in org.springframework.security.core.authority

Indicates that a object stores GrantedAuthority objects.

GrantedAuthoritiesMapper - Interface in org.springframework.security.core.authority.mapping

Mapping interface which can be injected into the authentication layer to convert the authorities loaded from storage into those which will be used in the Authentication object.

GrantedAuthority - Interface in org.springframework.security.core

Represents an authority granted to an Authentication object.

GrantedAuthorityDefaults - Class in org.springframework.security.config.core

Allows providing defaults for GrantedAuthority

GrantedAuthorityDefaults(String) - Constructor for class org.springframework.security.config.core.GrantedAuthorityDefaults

GrantedAuthorityFromAssertionAttributesUserDetailsService - Class in org.springframework.security.cas.userdetails

Populates the GrantedAuthoritys for a user by reading a list of attributes that were returned as part of the CAS response.

GrantedAuthorityFromAssertionAttributesUserDetailsService(String[]) - Constructor for class org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService

GrantedAuthoritySid - Class in org.springframework.security.acls.domain

Represents a GrantedAuthority as a Sid.

GrantedAuthoritySid(String) - Constructor for class org.springframework.security.acls.domain.GrantedAuthoritySid

GrantedAuthoritySid(GrantedAuthority) - Constructor for class org.springframework.security.acls.domain.GrantedAuthoritySid

groupAuthoritiesByUsername(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer

An SQL statement to query user's group authorities given a username.

GroupManager - Interface in org.springframework.security.provisioning

Allows management of groups of authorities and their members.

groupRoleAttribute(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

Specifies the attribute name which contains the role name.

groupSearchBase(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

The search base for group membership searches.

groupSearchFilter(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

The LDAP filter to search for groups.

groupSearchSubtree(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

If set to true, a subtree scope search will be performed for group membership.

H

handle(HttpServletRequest, HttpServletResponse, Supplier<CsrfToken>) - Method in class org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler

handle(HttpServletRequest, HttpServletResponse, Supplier<CsrfToken>) - Method in interface org.springframework.security.web.csrf.CsrfTokenRequestHandler

Handles a request using a CsrfToken.

handle(HttpServletRequest, HttpServletResponse, Supplier<CsrfToken>) - Method in class org.springframework.security.web.csrf.XorCsrfTokenRequestAttributeHandler

handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.oauth2.server.resource.web.access.BearerTokenAccessDeniedHandler

Collect error details from the provided parameters and format according to RFC 6750, specifically error, error_description, error_uri, and scope.

handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in interface org.springframework.security.web.access.AccessDeniedHandler

Handles an access denied failure.

handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.access.AccessDeniedHandlerImpl

handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.access.CompositeAccessDeniedHandler

handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.access.DelegatingAccessDeniedHandler

handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.access.NoOpAccessDeniedHandler

handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.access.ObservationMarkingAccessDeniedHandler

handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.access.RequestMatcherDelegatingAccessDeniedHandler

handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.session.InvalidSessionAccessDeniedHandler

handle(HttpServletRequest, HttpServletResponse, OneTimeToken) - Method in interface org.springframework.security.web.authentication.ott.OneTimeTokenGenerationSuccessHandler

Handles generated one-time tokens

handle(HttpServletRequest, HttpServletResponse, OneTimeToken) - Method in class org.springframework.security.web.authentication.ott.RedirectOneTimeTokenGenerationSuccessHandler

handle(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler

Invokes the configured RedirectStrategy with the URL returned by the determineTargetUrl method.

handle(HttpServletRequest, HttpServletResponse, RequestRejectedException) - Method in class org.springframework.security.web.firewall.CompositeRequestRejectedHandler

handle(HttpServletRequest, HttpServletResponse, RequestRejectedException) - Method in class org.springframework.security.web.firewall.DefaultRequestRejectedHandler

handle(HttpServletRequest, HttpServletResponse, RequestRejectedException) - Method in class org.springframework.security.web.firewall.HttpStatusRequestRejectedHandler

handle(HttpServletRequest, HttpServletResponse, RequestRejectedException) - Method in class org.springframework.security.web.firewall.ObservationMarkingRequestRejectedHandler

handle(HttpServletRequest, HttpServletResponse, RequestRejectedException) - Method in interface org.springframework.security.web.firewall.RequestRejectedHandler

Handles an request rejected failure.

handle(Callback, Authentication) - Method in interface org.springframework.security.authentication.jaas.JaasAuthenticationCallbackHandler

Handle the Callback.

handle(Callback, Authentication) - Method in class org.springframework.security.authentication.jaas.JaasNameCallbackHandler

If the callback passed to the 'handle' method is an instance of NameCallback, the JaasNameCallbackHandler will call, callback.setName(authentication.getPrincipal().toString()).

handle(Callback, Authentication) - Method in class org.springframework.security.authentication.jaas.JaasPasswordCallbackHandler

If the callback passed to the 'handle' method is an instance of PasswordCallback, the JaasPasswordCallbackHandler will call, callback.setPassword(authentication.getCredentials().toString()).

handle(MaximumSessionsContext) - Method in class org.springframework.security.web.server.authentication.InvalidateLeastUsedServerMaximumSessionsExceededHandler

handle(MaximumSessionsContext) - Method in class org.springframework.security.web.server.authentication.PreventLoginServerMaximumSessionsExceededHandler

handle(MaximumSessionsContext) - Method in interface org.springframework.security.web.server.authentication.ServerMaximumSessionsExceededHandler

Handles the scenario when the maximum number of sessions for a user has been reached.

handle(ServerWebExchange, AccessDeniedException) - Method in class org.springframework.security.oauth2.server.resource.web.access.server.BearerTokenServerAccessDeniedHandler

handle(ServerWebExchange, AccessDeniedException) - Method in class org.springframework.security.web.server.authorization.HttpStatusServerAccessDeniedHandler

handle(ServerWebExchange, AccessDeniedException) - Method in interface org.springframework.security.web.server.authorization.ServerAccessDeniedHandler

handle(ServerWebExchange, AccessDeniedException) - Method in class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler

handle(ServerWebExchange, OneTimeToken) - Method in interface org.springframework.security.web.server.authentication.ott.ServerOneTimeTokenGenerationSuccessHandler

Handles generated one-time tokens

handle(ServerWebExchange, OneTimeToken) - Method in class org.springframework.security.web.server.authentication.ott.ServerRedirectOneTimeTokenGenerationSuccessHandler

handle(ServerWebExchange, ServerExchangeRejectedException) - Method in class org.springframework.security.web.server.firewall.HttpStatusExchangeRejectedHandler

handle(ServerWebExchange, ServerExchangeRejectedException) - Method in interface org.springframework.security.web.server.firewall.ServerExchangeRejectedHandler

Handles an request rejected failure.

handle(ServerWebExchange, Mono<CsrfToken>) - Method in class org.springframework.security.web.server.csrf.ServerCsrfTokenRequestAttributeHandler

handle(ServerWebExchange, Mono<CsrfToken>) - Method in interface org.springframework.security.web.server.csrf.ServerCsrfTokenRequestHandler

Handles a request using a CsrfToken.

handle(ServerWebExchange, Mono<CsrfToken>) - Method in class org.springframework.security.web.server.csrf.XorServerCsrfTokenRequestAttributeHandler

HandleAuthorizationDenied - Annotation Interface in org.springframework.security.authorization.method

Annotation for specifying handling behavior when an authorization denied happens in method security or an AuthorizationDeniedException is thrown during method invocation

handleBindException(String, String, Throwable) - Method in class org.springframework.security.ldap.authentication.BindAuthenticator

Allows subclasses to inspect the exception thrown by an attempt to bind with a particular DN.

handleDeniedInvocation(MethodInvocation, AuthorizationResult) - Method in interface org.springframework.security.authorization.method.MethodAuthorizationDeniedHandler

Handle denied method invocations, implementations might either throw an AuthorizationDeniedException or a replacement result instead of invoking the method, e.g.

handleDeniedInvocation(MethodInvocation, AuthorizationResult) - Method in class org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager

handleDeniedInvocation(MethodInvocation, AuthorizationResult) - Method in class org.springframework.security.authorization.method.PostAuthorizeReactiveAuthorizationManager

handleDeniedInvocation(MethodInvocation, AuthorizationResult) - Method in class org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager

handleDeniedInvocation(MethodInvocation, AuthorizationResult) - Method in class org.springframework.security.authorization.method.PreAuthorizeReactiveAuthorizationManager

handleDeniedInvocation(MethodInvocation, AuthorizationResult) - Method in class org.springframework.security.authorization.method.ThrowingMethodAuthorizationDeniedHandler

handleDeniedInvocation(MethodInvocation, AuthorizationResult) - Method in class org.springframework.security.authorization.ObservationAuthorizationManager

handleDeniedInvocation(MethodInvocation, AuthorizationResult) - Method in class org.springframework.security.authorization.ObservationReactiveAuthorizationManager

handleDeniedInvocationResult(MethodInvocationResult, AuthorizationResult) - Method in interface org.springframework.security.authorization.method.MethodAuthorizationDeniedHandler

Handle denied method invocations, implementations might either throw an AuthorizationDeniedException or a replacement result instead of invoking the method, e.g.

handleDeniedInvocationResult(MethodInvocationResult, AuthorizationResult) - Method in class org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager

handleDeniedInvocationResult(MethodInvocationResult, AuthorizationResult) - Method in class org.springframework.security.authorization.method.PostAuthorizeReactiveAuthorizationManager

handleDeniedInvocationResult(MethodInvocationResult, AuthorizationResult) - Method in class org.springframework.security.authorization.method.ThrowingMethodAuthorizationDeniedHandler

handleDeniedInvocationResult(MethodInvocationResult, AuthorizationResult) - Method in class org.springframework.security.authorization.ObservationAuthorizationManager

handleDeniedInvocationResult(MethodInvocationResult, AuthorizationResult) - Method in class org.springframework.security.authorization.ObservationReactiveAuthorizationManager

handleError(ClientHttpResponse) - Method in class org.springframework.security.oauth2.client.http.OAuth2ErrorResponseErrorHandler

handleLogout(SessionDestroyedEvent) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider

Handles the logout by getting the security contexts for the destroyed session and invoking LoginContext.logout() for any which contain a JaasAuthenticationToken.

handlerClass() - Element in annotation interface org.springframework.security.authorization.method.HandleAuthorizationDenied

The MethodAuthorizationDeniedHandler used to handle denied authorization results

HandlerMappingIntrospectorRequestTransformer - Class in org.springframework.security.web.access

Transforms by passing it into HandlerMappingIntrospector.setCache(HttpServletRequest).

HandlerMappingIntrospectorRequestTransformer(HandlerMappingIntrospector) - Constructor for class org.springframework.security.web.access.HandlerMappingIntrospectorRequestTransformer

handleToken(CsrfToken) - Method in class org.springframework.security.taglibs.csrf.CsrfInputTag

handleToken(CsrfToken) - Method in class org.springframework.security.taglibs.csrf.CsrfMetaTagsTag

hasAnyAuthority(String...) - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations

Determines if the SecurityExpressionOperations.getAuthentication() has any of the specified authorities within Authentication.getAuthorities().

hasAnyAuthority(String...) - Method in class org.springframework.security.access.expression.SecurityExpressionRoot

hasAnyAuthority(String...) - Static method in class org.springframework.security.authorization.AuthorityAuthorizationManager

Creates an instance of AuthorityAuthorizationManager with the provided authorities.

hasAnyAuthority(String...) - Static method in class org.springframework.security.authorization.AuthorityReactiveAuthorizationManager

Creates an instance of AuthorityReactiveAuthorizationManager with the provided authorities.

hasAnyAuthority(String...) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access

hasAnyAuthority(String...) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl

Specifies that a user requires one of many authorities.

hasAnyAuthority(String...) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl

Deprecated.

Specify that URLs requires any of a number authorities.

hasAnyAuthority(String...) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl

Deprecated.

Specifies that a user requires one of many authorities

hasAnyAuthority(String...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint

Deprecated.

Specify that Message instances requires any of a number authorities.

hasAnyAuthority(String...) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access

Require any authority

hasAnyAuthority(String...) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint

Specify that Message instances requires any of a number authorities.

hasAnyAuthority(String...) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl

Specifies that a user requires one of many authorities.

hasAnyRole(String...) - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations

Determines if the SecurityExpressionOperations.getAuthentication() has any of the specified authorities within Authentication.getAuthorities().

hasAnyRole(String...) - Method in class org.springframework.security.access.expression.SecurityExpressionRoot

hasAnyRole(String...) - Static method in class org.springframework.security.authorization.AuthorityAuthorizationManager

Creates an instance of AuthorityAuthorizationManager with the provided authorities.

hasAnyRole(String...) - Static method in class org.springframework.security.authorization.AuthorityReactiveAuthorizationManager

Creates an instance of AuthorityReactiveAuthorizationManager with the provided authorities.

hasAnyRole(String...) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access

hasAnyRole(String...) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl

Specifies that a user requires one of many roles.

hasAnyRole(String...) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl

Deprecated.

Shortcut for specifying URLs require any of a number of roles.

hasAnyRole(String...) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl

Deprecated.

Specifies that a user requires one of many roles.

hasAnyRole(String...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint

Deprecated.

Shortcut for specifying Message instances require any of a number of roles.

hasAnyRole(String...) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access

Require any specific role.

hasAnyRole(String...) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint

Shortcut for specifying Message instances require any of a number of roles.

hasAnyRole(String...) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl

Specifies that a user requires one of many roles.

hasAnyRole(String, String[]) - Static method in class org.springframework.security.authorization.AuthorityAuthorizationManager

Creates an instance of AuthorityAuthorizationManager with the provided authorities.

hasAnyScope(String...) - Static method in class org.springframework.security.oauth2.core.authorization.OAuth2AuthorizationManagers

Create an AuthorizationManager that requires an Authentication to have at least one authority among SCOPE_scope1, SCOPE_scope2, ...

hasAnyScope(String...) - Static method in class org.springframework.security.oauth2.core.authorization.OAuth2ReactiveAuthorizationManagers

Create a ReactiveAuthorizationManager that requires an Authentication to have at least one authority among SCOPE_scope1, SCOPE_scope2, ...

hasAuthority(String) - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations

Determines if the SecurityExpressionOperations.getAuthentication() has a particular authority within Authentication.getAuthorities().

hasAuthority(String) - Method in class org.springframework.security.access.expression.SecurityExpressionRoot

hasAuthority(String) - Static method in class org.springframework.security.authorization.AuthorityAuthorizationManager

Creates an instance of AuthorityAuthorizationManager with the provided authority.

hasAuthority(String) - Static method in class org.springframework.security.authorization.AuthorityReactiveAuthorizationManager

Creates an instance of AuthorityReactiveAuthorizationManager with the provided authority.

hasAuthority(String) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access

hasAuthority(String) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl

Specifies a user requires an authority.

hasAuthority(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl

Deprecated.

Specify that URLs require a particular authority.

hasAuthority(String) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl

Deprecated.

Specifies a user requires an authority.

hasAuthority(String) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint

Deprecated.

Specify that Message instances require a particular authority.

hasAuthority(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access

Require a specific authority.

hasAuthority(String) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint

Specify that Message instances require a particular authority.

hasAuthority(String) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl

Specifies a user requires an authority.

hasClaim(String) - Method in interface org.springframework.security.oauth2.core.ClaimAccessor

Returns true if the claim exists in ClaimAccessor.getClaims(), otherwise false.

hasError() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl

Checks whether an error is present.

hasError(ClientHttpResponse) - Method in class org.springframework.security.oauth2.client.http.OAuth2ErrorResponseErrorHandler

hasErrors() - Method in class org.springframework.security.oauth2.core.OAuth2TokenValidatorResult

Say whether this result indicates success

hasErrors() - Method in class org.springframework.security.saml2.core.Saml2ResponseValidatorResult

Say whether this result indicates success

hasErrors() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult

Say whether this result indicates success

hashCode() - Method in class org.springframework.security.access.SecurityConfig

hashCode() - Method in class org.springframework.security.acls.domain.AbstractPermission

hashCode() - Method in class org.springframework.security.acls.domain.AccessControlEntryImpl

hashCode() - Method in class org.springframework.security.acls.domain.AclImpl

hashCode() - Method in class org.springframework.security.acls.domain.GrantedAuthoritySid

hashCode() - Method in class org.springframework.security.acls.domain.ObjectIdentityImpl

Important so caching operates properly.

hashCode() - Method in class org.springframework.security.acls.domain.PrincipalSid

hashCode() - Method in interface org.springframework.security.acls.model.ObjectIdentity

hashCode() - Method in interface org.springframework.security.acls.model.Sid

Refer to the java.lang.Object documentation for the interface contract.

hashCode() - Method in class org.springframework.security.authentication.AbstractAuthenticationToken

hashCode() - Method in class org.springframework.security.authentication.AnonymousAuthenticationToken

hashCode() - Method in class org.springframework.security.authentication.jaas.JaasGrantedAuthority

hashCode() - Method in class org.springframework.security.authentication.RememberMeAuthenticationToken

hashCode() - Method in class org.springframework.security.cas.authentication.CasAuthenticationToken

hashCode() - Method in class org.springframework.security.core.authority.SimpleGrantedAuthority

hashCode() - Method in class org.springframework.security.core.context.SecurityContextImpl

hashCode() - Method in class org.springframework.security.core.token.DefaultToken

hashCode() - Method in class org.springframework.security.core.userdetails.User

Returns the hashcode of the username.

hashCode() - Method in class org.springframework.security.ldap.userdetails.LdapAuthority

hashCode() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl

hashCode() - Method in class org.springframework.security.messaging.util.matcher.SimpMessageTypeMatcher

hashCode() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientId

hashCode() - Method in class org.springframework.security.oauth2.core.AbstractOAuth2Token

hashCode() - Method in class org.springframework.security.oauth2.core.AuthenticationMethod

hashCode() - Method in class org.springframework.security.oauth2.core.AuthorizationGrantType

hashCode() - Method in class org.springframework.security.oauth2.core.ClientAuthenticationMethod

hashCode() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType

hashCode() - Method in class org.springframework.security.oauth2.core.OAuth2AccessToken.TokenType

hashCode() - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim

hashCode() - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo

hashCode() - Method in class org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority

hashCode() - Method in class org.springframework.security.oauth2.core.user.DefaultOAuth2User

hashCode() - Method in class org.springframework.security.oauth2.core.user.OAuth2UserAuthority

hashCode() - Method in class org.springframework.security.saml2.core.Saml2X509Credential

hashCode() - Method in class org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal

hashCode() - Method in class org.springframework.security.util.InMemoryResource

hashCode() - Method in class org.springframework.security.web.access.intercept.RequestKey

hashCode() - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority

hashCode() - Method in class org.springframework.security.web.authentication.WebAuthenticationDetails

hashCode() - Method in class org.springframework.security.web.header.Header

hashCode() - Method in class org.springframework.security.web.server.csrf.DefaultCsrfToken

hashCode() - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher

hashCode() - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher

hashCode() - Method in class org.springframework.security.web.util.matcher.AnyRequestMatcher

hashCode() - Method in class org.springframework.security.web.webauthn.api.Bytes

hashpw(byte[], String) - Static method in class org.springframework.security.crypto.bcrypt.BCrypt

Hash a password using the OpenBSD bcrypt scheme

hashpw(String, String) - Static method in class org.springframework.security.crypto.bcrypt.BCrypt

Hash a password using the OpenBSD bcrypt scheme

hasIpAddress(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl

Deprecated.

Specify that URLs requires a specific IP Address or subnet.

hasIpAddress(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access

Require a specific IP address or range using an IP/Netmask (e.g.

hasIpAddress(String) - Method in class org.springframework.security.web.access.expression.WebSecurityExpressionRoot

Takes a specific IP address or a range using the IP/Netmask (e.g.

hasIpAddress(String) - Static method in class org.springframework.security.web.access.IpAddressAuthorizationManager

Creates an instance of IpAddressAuthorizationManager with the provided IP address.

hasIpAddress(String) - Static method in class org.springframework.security.web.server.authorization.IpAddressReactiveAuthorizationManager

Creates an instance of IpAddressReactiveAuthorizationManager with the provided IP address.

hasMoreElements() - Method in class org.springframework.security.web.savedrequest.Enumerator

Tests if this enumeration contains more elements.

hasPermission(Object, Object) - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations

Determines if the SecurityExpressionOperations.getAuthentication() has permission to access the target given the permission

hasPermission(Object, Object) - Method in class org.springframework.security.access.expression.SecurityExpressionRoot

hasPermission(Object, String, Object) - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations

Determines if the SecurityExpressionOperations.getAuthentication() has permission to access the domain object with a given id, type, and permission.

hasPermission(Object, String, Object) - Method in class org.springframework.security.access.expression.SecurityExpressionRoot

hasPermission(Authentication, Serializable, String, Object) - Method in class org.springframework.security.access.expression.DenyAllPermissionEvaluator

hasPermission(Authentication, Serializable, String, Object) - Method in interface org.springframework.security.access.PermissionEvaluator

Alternative method for evaluating a permission where only the identifier of the target object is available, rather than the target instance itself.

hasPermission(Authentication, Serializable, String, Object) - Method in class org.springframework.security.acls.AclPermissionEvaluator

hasPermission(Authentication, Object) - Method in class org.springframework.security.acls.afterinvocation.AbstractAclProvider

hasPermission(Authentication, Object, Object) - Method in class org.springframework.security.access.expression.DenyAllPermissionEvaluator

hasPermission(Authentication, Object, Object) - Method in interface org.springframework.security.access.PermissionEvaluator

hasPermission(Authentication, Object, Object) - Method in class org.springframework.security.acls.AclPermissionEvaluator

Determines whether the user has the given permission(s) on the domain object using the ACL configuration.

hasRole(String) - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations

Determines if the SecurityExpressionOperations.getAuthentication() has a particular authority within Authentication.getAuthorities().

hasRole(String) - Method in class org.springframework.security.access.expression.SecurityExpressionRoot

hasRole(String) - Static method in class org.springframework.security.authorization.AuthorityAuthorizationManager

Creates an instance of AuthorityAuthorizationManager with the provided authority.

hasRole(String) - Static method in class org.springframework.security.authorization.AuthorityReactiveAuthorizationManager

Creates an instance of AuthorityReactiveAuthorizationManager with the provided authority.

hasRole(String) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access

hasRole(String) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl

Specifies a user requires a role.

hasRole(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl

Deprecated.

Shortcut for specifying URLs require a particular role.

hasRole(String) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl

Deprecated.

Specifies a user requires a role.

hasRole(String) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint

Deprecated.

Shortcut for specifying Message instances require a particular role.

hasRole(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access

Require a specific role.

hasRole(String) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint

Shortcut for specifying Message instances require a particular role.

hasRole(String) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl

Specifies a user requires a role.

hasScope(String) - Static method in class org.springframework.security.oauth2.core.authorization.OAuth2AuthorizationManagers

Create an AuthorizationManager that requires an Authentication to have a SCOPE_scope authority.

hasScope(String) - Static method in class org.springframework.security.oauth2.core.authorization.OAuth2ReactiveAuthorizationManagers

Create a ReactiveAuthorizationManager that requires an Authentication to have a SCOPE_scope authority.

hasVariable(String) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl

Specify that a path variable in URL to be compared.

hasWarning() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl

Checks whether a warning is present.

HaveIBeenPwnedRestApiPasswordChecker - Class in org.springframework.security.web.authentication.password

Checks if the provided password was leaked by relying on Have I Been Pwned REST API.

HaveIBeenPwnedRestApiPasswordChecker() - Constructor for class org.springframework.security.web.authentication.password.HaveIBeenPwnedRestApiPasswordChecker

HaveIBeenPwnedRestApiReactivePasswordChecker - Class in org.springframework.security.web.authentication.password

Checks if the provided password was leaked by relying on Have I Been Pwned REST API.

HaveIBeenPwnedRestApiReactivePasswordChecker() - Constructor for class org.springframework.security.web.authentication.password.HaveIBeenPwnedRestApiReactivePasswordChecker

header(String, Object) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder

Sets the header.

header(String, Object) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder

Use this header in the resulting Jwt

header(String, String...) - Method in class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter.Builder

Header - Class in org.springframework.security.web.header

Represents a Header to be added to the HttpServletResponse

Header(String, String...) - Constructor for class org.springframework.security.web.header.Header

Creates a new instance

HEADER - Static variable in class org.springframework.security.oauth2.core.AuthenticationMethod

HeaderBearerTokenResolver - Class in org.springframework.security.oauth2.server.resource.web

Generic resolver extracting pre-authenticated JWT identity from a custom header.

HeaderBearerTokenResolver(String) - Constructor for class org.springframework.security.oauth2.server.resource.web.HeaderBearerTokenResolver

headers() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HttpSecurity.headers(Customizer) or headers(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

headers() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.headers(Customizer) or headers(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

headers(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder

A Consumer to be provided access to the headers allowing the ability to add, replace, or remove.

headers(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder

Provides access to every Jwt.Builder.header(String, Object) declared so far with the possibility to add, replace, or remove.

headers(Customizer<HeadersConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Adds the Security headers to the response.

headers(Customizer<ServerHttpSecurity.HeaderSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures HTTP Response Headers.

HEADERS - Static variable in class org.springframework.security.config.Elements

HeadersBeanDefinitionParser - Class in org.springframework.security.config.http

Parser for the HeadersFilter.

HeadersBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.HeadersBeanDefinitionParser

HeadersConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Adds the Security HTTP headers to the response.

HeadersConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Creates a new instance

HeadersConfigurer.CacheControlConfig - Class in org.springframework.security.config.annotation.web.configurers

HeadersConfigurer.ContentSecurityPolicyConfig - Class in org.springframework.security.config.annotation.web.configurers

HeadersConfigurer.ContentTypeOptionsConfig - Class in org.springframework.security.config.annotation.web.configurers

HeadersConfigurer.CrossOriginEmbedderPolicyConfig - Class in org.springframework.security.config.annotation.web.configurers

HeadersConfigurer.CrossOriginOpenerPolicyConfig - Class in org.springframework.security.config.annotation.web.configurers

HeadersConfigurer.CrossOriginResourcePolicyConfig - Class in org.springframework.security.config.annotation.web.configurers

HeadersConfigurer.FeaturePolicyConfig - Class in org.springframework.security.config.annotation.web.configurers

HeadersConfigurer.FrameOptionsConfig - Class in org.springframework.security.config.annotation.web.configurers

HeadersConfigurer.HpkpConfig - Class in org.springframework.security.config.annotation.web.configurers

Deprecated.

see Certificate and Public Key Pinning for more context

HeadersConfigurer.HstsConfig - Class in org.springframework.security.config.annotation.web.configurers

HeadersConfigurer.PermissionsPolicyConfig - Class in org.springframework.security.config.annotation.web.configurers

HeadersConfigurer.ReferrerPolicyConfig - Class in org.springframework.security.config.annotation.web.configurers

HeadersConfigurer.XXssConfig - Class in org.springframework.security.config.annotation.web.configurers

headerValue(XXssProtectionHeaderWriter.HeaderValue) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.XXssConfig

Sets the value of the X-XSS-PROTECTION header.

headerValue(XXssProtectionServerHttpHeadersWriter.HeaderValue) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.XssProtectionSpec

Sets the value of x-xss-protection header.

HeaderWriter - Interface in org.springframework.security.web.header

Contract for writing headers to a HttpServletResponse

HeaderWriterFilter - Class in org.springframework.security.web.header

Filter implementation to add headers to the current response.

HeaderWriterFilter(List<HeaderWriter>) - Constructor for class org.springframework.security.web.header.HeaderWriterFilter

Creates a new instance.

HeaderWriterLogoutHandler - Class in org.springframework.security.web.authentication.logout

HeaderWriterLogoutHandler(HeaderWriter) - Constructor for class org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler

Constructs a new instance using the passed HeaderWriter implementation

HeaderWriterServerLogoutHandler - Class in org.springframework.security.web.server.authentication.logout

A ServerLogoutHandler implementation which writes HTTP headers during logout.

HeaderWriterServerLogoutHandler(ServerHttpHeadersWriter) - Constructor for class org.springframework.security.web.server.authentication.logout.HeaderWriterServerLogoutHandler

Constructs a new instance using the ServerHttpHeadersWriter implementation.

Hex - Class in org.springframework.security.crypto.codec

Hex data encoder.

hideUserNotFoundExceptions - Variable in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

HpkpHeaderWriter - Class in org.springframework.security.web.header.writers

Deprecated.

see Certificate and Public Key Pinning for more context

HpkpHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.HpkpHeaderWriter

Deprecated.

Creates a new instance

HpkpHeaderWriter(long) - Constructor for class org.springframework.security.web.header.writers.HpkpHeaderWriter

Deprecated.

Creates a new instance

HpkpHeaderWriter(long, boolean) - Constructor for class org.springframework.security.web.header.writers.HpkpHeaderWriter

Deprecated.

Creates a new instance

HpkpHeaderWriter(long, boolean, boolean) - Constructor for class org.springframework.security.web.header.writers.HpkpHeaderWriter

Deprecated.

Creates a new instance

HS256 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.MacAlgorithm

HMAC using SHA-256 (Required)

HS256 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms

HMAC using SHA-256 (Required)

HS384 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.MacAlgorithm

HMAC using SHA-384 (Optional)

HS384 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms

HMAC using SHA-384 (Optional)

HS512 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.MacAlgorithm

HMAC using SHA-512 (Optional)

HS512 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms

HMAC using SHA-512 (Optional)

hsts() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.hsts(Customizer) or hsts(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

hsts(Customizer<ServerHttpSecurity.HeaderSpec.HstsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures the Strict Transport Security response headers

HstsHeaderWriter - Class in org.springframework.security.web.header.writers

Provides support for HTTP Strict Transport Security (HSTS).

HstsHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter

Creates a new instance

HstsHeaderWriter(boolean) - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter

Creates a new instance

HstsHeaderWriter(long) - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter

Creates a new instance

HstsHeaderWriter(long, boolean) - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter

Creates a new instance

HstsHeaderWriter(long, boolean, boolean) - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter

Creates a new instance

HstsHeaderWriter(RequestMatcher, long, boolean) - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter

Creates a new instance

HstsHeaderWriter(RequestMatcher, long, boolean, boolean) - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter

Creates a new instance

http() - Static method in class org.springframework.security.config.web.server.ServerHttpSecurity

Creates a new instance.

http(int) - Method in class org.springframework.security.config.annotation.web.configurers.PortMapperConfigurer

Adds a port mapping

HTTP - Static variable in class org.springframework.security.config.Elements

HTTP_BASIC - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder

Instance of AuthenticationWebFilter

HTTP_FIREWALL - Static variable in class org.springframework.security.config.Elements

HTTP_HEADERS_WRITER - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder

Http403ForbiddenEntryPoint - Class in org.springframework.security.web.authentication

In the pre-authenticated authentication case (unlike CAS, for example) the user will already have been identified through some external mechanism and a secure context established by the time the security-enforcement filter is invoked.

Http403ForbiddenEntryPoint() - Constructor for class org.springframework.security.web.authentication.Http403ForbiddenEntryPoint

httpBasic() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HttpSecurity.httpBasic(Customizer) or httpBasic(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

httpBasic() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.httpBasic(Customizer) or httpBasic(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

httpBasic(String, String) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors

Convenience mechanism for setting the Authorization header to use HTTP Basic with the given username and password.

httpBasic(Customizer<HttpBasicConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configures HTTP Basic authentication.

httpBasic(Customizer<ServerHttpSecurity.HttpBasicSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures HTTP Basic authentication.

HttpBasicConfigurer<B extends HttpSecurityBuilder<B>> - Class in org.springframework.security.config.annotation.web.configurers

Adds HTTP basic based authentication.

HttpBasicConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer

Creates a new instance

HttpBasicServerAuthenticationEntryPoint - Class in org.springframework.security.web.server.authentication

Prompts a user for HTTP Basic authentication.

HttpBasicServerAuthenticationEntryPoint() - Constructor for class org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint

httpFirewall(HttpFirewall) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity

Allows customizing the HttpFirewall.

HttpFirewall - Interface in org.springframework.security.web.firewall

Interface which can be used to reject potentially dangerous requests and/or wrap them to control their behaviour.

HttpFirewallBeanDefinitionParser - Class in org.springframework.security.config.http

Injects the supplied HttpFirewall bean reference into the FilterChainProxy.

HttpFirewallBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.HttpFirewallBeanDefinitionParser

HttpHeaderWriterWebFilter - Class in org.springframework.security.web.server.header

Invokes a ServerHttpHeadersWriter on ReactiveHttpOutputMessage.beforeCommit(java.util.function.Supplier).

HttpHeaderWriterWebFilter(ServerHttpHeadersWriter) - Constructor for class org.springframework.security.web.server.header.HttpHeaderWriterWebFilter

HttpMessageConverterAuthenticationSuccessHandler - Class in org.springframework.security.web.authentication

An AuthenticationSuccessHandler that writes a JSON response with the redirect URL and an authenticated status similar to: { "redirectUrl": "/user/profile", "authenticated": true }

HttpMessageConverterAuthenticationSuccessHandler() - Constructor for class org.springframework.security.web.authentication.HttpMessageConverterAuthenticationSuccessHandler

HttpMessageConverterAuthenticationSuccessHandler.AuthenticationSuccess - Class in org.springframework.security.web.authentication

A response object used to write the JSON response for successful authentication.

httpPublicKeyPinning() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Deprecated.

see Certificate and Public Key Pinning for more context

httpPublicKeyPinning(Customizer<HeadersConfigurer.HpkpConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Deprecated.

see Certificate and Public Key Pinning for more context

HttpRequestResponseHolder - Class in org.springframework.security.web.context

Deprecated.

Use SecurityContextRepository.loadDeferredContext(HttpServletRequest)

HttpRequestResponseHolder(HttpServletRequest, HttpServletResponse) - Constructor for class org.springframework.security.web.context.HttpRequestResponseHolder

Deprecated.

HTTPS_REDIRECT - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder

HttpsRedirectWebFilter

HttpSecurity - Class in org.springframework.security.config.annotation.web.builders

A HttpSecurity is similar to Spring Security's XML <http> element in the namespace configuration.

HttpSecurity(ObjectPostProcessor<Object>, AuthenticationManagerBuilder, Map<Class<?>, Object>) - Constructor for class org.springframework.security.config.annotation.web.builders.HttpSecurity

Creates a new instance

HttpSecurity.RequestMatcherConfigurer - Class in org.springframework.security.config.annotation.web.builders

Allows mapping HTTP requests that this HttpSecurity will be used for

HttpSecurityBeanDefinitionParser - Class in org.springframework.security.config.http

Sets up HTTP security: filter stack and protected URLs.

HttpSecurityBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser

HttpSecurityBeanDefinitionParser.ChildAuthenticationManagerFactoryBean - Class in org.springframework.security.config.http

HttpSecurityBeanDefinitionParser.FilterChainDecoratorFactory - Class in org.springframework.security.config.http

HttpSecurityBeanDefinitionParser.RequestRejectedHandlerPostProcessor - Class in org.springframework.security.config.http

HttpSecurityBuilder<H extends HttpSecurityBuilder<H>> - Interface in org.springframework.security.config.annotation.web

httpServletRequest(HttpServletRequest) - Static method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction

Modifies the ClientRequest.attributes() to include the HttpServletRequest used to look up and save the OAuth2AuthorizedClient.

httpServletResponse(HttpServletResponse) - Static method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction

Modifies the ClientRequest.attributes() to include the HttpServletResponse used to save the OAuth2AuthorizedClient.

HttpSessionCreatedEvent - Class in org.springframework.security.web.session

Published by the HttpSessionEventPublisher when an HttpSession is created by the container

HttpSessionCreatedEvent(HttpSession) - Constructor for class org.springframework.security.web.session.HttpSessionCreatedEvent

HttpSessionCsrfTokenRepository - Class in org.springframework.security.web.csrf

A CsrfTokenRepository that stores the CsrfToken in the HttpSession.

HttpSessionCsrfTokenRepository() - Constructor for class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository

HttpSessionDestroyedEvent - Class in org.springframework.security.web.session

Published by the HttpSessionEventPublisher when a HttpSession is removed from the container

HttpSessionDestroyedEvent(HttpSession) - Constructor for class org.springframework.security.web.session.HttpSessionDestroyedEvent

HttpSessionEventPublisher - Class in org.springframework.security.web.session

Declared in web.xml as

HttpSessionEventPublisher() - Constructor for class org.springframework.security.web.session.HttpSessionEventPublisher

HttpSessionIdChangedEvent - Class in org.springframework.security.web.session

Published by the HttpSessionEventPublisher when an HttpSession ID is changed.

HttpSessionIdChangedEvent(HttpSession, String) - Constructor for class org.springframework.security.web.session.HttpSessionIdChangedEvent

HttpSessionLogoutRequestRepository - Class in org.springframework.security.saml2.provider.service.web.authentication.logout

An implementation of an Saml2LogoutRequestRepository that stores Saml2LogoutRequest in the HttpSession.

HttpSessionLogoutRequestRepository() - Constructor for class org.springframework.security.saml2.provider.service.web.authentication.logout.HttpSessionLogoutRequestRepository

HttpSessionOAuth2AuthorizationRequestRepository - Class in org.springframework.security.oauth2.client.web

An implementation of an AuthorizationRequestRepository that stores OAuth2AuthorizationRequest in the HttpSession.

HttpSessionOAuth2AuthorizationRequestRepository() - Constructor for class org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository

HttpSessionOAuth2AuthorizedClientRepository - Class in org.springframework.security.oauth2.client.web

An implementation of an OAuth2AuthorizedClientRepository that stores OAuth2AuthorizedClient's in the HttpSession.

HttpSessionOAuth2AuthorizedClientRepository() - Constructor for class org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizedClientRepository

HttpSessionPublicKeyCredentialCreationOptionsRepository - Class in org.springframework.security.web.webauthn.registration

HttpSessionPublicKeyCredentialCreationOptionsRepository() - Constructor for class org.springframework.security.web.webauthn.registration.HttpSessionPublicKeyCredentialCreationOptionsRepository

HttpSessionPublicKeyCredentialRequestOptionsRepository - Class in org.springframework.security.web.webauthn.authentication

A PublicKeyCredentialRequestOptionsRepository that stores the PublicKeyCredentialRequestOptions in the HttpSession.

HttpSessionPublicKeyCredentialRequestOptionsRepository() - Constructor for class org.springframework.security.web.webauthn.authentication.HttpSessionPublicKeyCredentialRequestOptionsRepository

HttpSessionRequestCache - Class in org.springframework.security.web.savedrequest

RequestCache which stores the SavedRequest in the HttpSession.

HttpSessionRequestCache() - Constructor for class org.springframework.security.web.savedrequest.HttpSessionRequestCache

HttpSessionSaml2AuthenticationRequestRepository - Class in org.springframework.security.saml2.provider.service.web

A Saml2AuthenticationRequestRepository implementation that uses HttpSession to store and retrieve the AbstractSaml2AuthenticationRequest

HttpSessionSaml2AuthenticationRequestRepository() - Constructor for class org.springframework.security.saml2.provider.service.web.HttpSessionSaml2AuthenticationRequestRepository

HttpSessionSecurityContextRepository - Class in org.springframework.security.web.context

A SecurityContextRepository implementation which stores the security context in the HttpSession between requests.

HttpSessionSecurityContextRepository() - Constructor for class org.springframework.security.web.context.HttpSessionSecurityContextRepository

HttpsRedirectSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec

HttpsRedirectWebFilter - Class in org.springframework.security.web.server.transport

Redirects any non-HTTPS request to its HTTPS equivalent.

HttpsRedirectWebFilter() - Constructor for class org.springframework.security.web.server.transport.HttpsRedirectWebFilter

httpsRedirectWhen(Function<ServerWebExchange, Boolean>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec

Configures when this filter should redirect to https By default, the filter will redirect whenever an exchange's scheme is not https

httpsRedirectWhen(ServerWebExchangeMatcher...) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec

Configures when this filter should redirect to https By default, the filter will redirect whenever an exchange's scheme is not https

HttpStatusEntryPoint - Class in org.springframework.security.web.authentication

An AuthenticationEntryPoint that sends a generic HttpStatus as a response.

HttpStatusEntryPoint(HttpStatus) - Constructor for class org.springframework.security.web.authentication.HttpStatusEntryPoint

Creates a new instance.

HttpStatusExchangeRejectedHandler - Class in org.springframework.security.web.server.firewall

A simple implementation of ServerExchangeRejectedHandler that sends an error with configurable status code.

HttpStatusExchangeRejectedHandler() - Constructor for class org.springframework.security.web.server.firewall.HttpStatusExchangeRejectedHandler

Constructs an instance which uses 400 as response code.

HttpStatusExchangeRejectedHandler(HttpStatus) - Constructor for class org.springframework.security.web.server.firewall.HttpStatusExchangeRejectedHandler

Constructs an instance which uses a configurable http code as response.

HttpStatusRequestRejectedHandler - Class in org.springframework.security.web.firewall

A simple implementation of RequestRejectedHandler that sends an error with configurable status code.

HttpStatusRequestRejectedHandler() - Constructor for class org.springframework.security.web.firewall.HttpStatusRequestRejectedHandler

Constructs an instance which uses 400 as response code.

HttpStatusRequestRejectedHandler(int) - Constructor for class org.springframework.security.web.firewall.HttpStatusRequestRejectedHandler

Constructs an instance which uses a configurable http code as response.

HttpStatusReturningLogoutSuccessHandler - Class in org.springframework.security.web.authentication.logout

Implementation of the LogoutSuccessHandler.

HttpStatusReturningLogoutSuccessHandler() - Constructor for class org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler

Initialize the HttpStatusLogoutSuccessHandler with the default HttpStatus.OK.

HttpStatusReturningLogoutSuccessHandler(HttpStatus) - Constructor for class org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler

Initialize the HttpStatusLogoutSuccessHandler with a user-defined HttpStatus.

HttpStatusReturningServerLogoutSuccessHandler - Class in org.springframework.security.web.server.authentication.logout

Implementation of the ServerLogoutSuccessHandler.

HttpStatusReturningServerLogoutSuccessHandler() - Constructor for class org.springframework.security.web.server.authentication.logout.HttpStatusReturningServerLogoutSuccessHandler

Initialize the HttpStatusReturningServerLogoutSuccessHandler with the default HttpStatus.OK.

HttpStatusReturningServerLogoutSuccessHandler(HttpStatus) - Constructor for class org.springframework.security.web.server.authentication.logout.HttpStatusReturningServerLogoutSuccessHandler

Initialize the HttpStatusReturningServerLogoutSuccessHandler with a user-defined HttpStatus.

HttpStatusServerAccessDeniedHandler - Class in org.springframework.security.web.server.authorization

Sets the provided HTTP Status when access is denied.

HttpStatusServerAccessDeniedHandler(HttpStatus) - Constructor for class org.springframework.security.web.server.authorization.HttpStatusServerAccessDeniedHandler

Creates an instance with the provided status

HttpStatusServerEntryPoint - Class in org.springframework.security.web.server.authentication

A ServerAuthenticationEntryPoint that sends a generic HttpStatus as a response.

HttpStatusServerEntryPoint(HttpStatus) - Constructor for class org.springframework.security.web.server.authentication.HttpStatusServerEntryPoint

httpStrictTransportSecurity() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HeadersConfigurer.httpStrictTransportSecurity(Customizer) instead

httpStrictTransportSecurity(Customizer<HeadersConfigurer.HstsConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Allows customizing the HstsHeaderWriter which provides support for HTTP Strict Transport Security (HSTS).

HYBRID - Static variable in class org.springframework.security.web.webauthn.api.AuthenticatorTransport

hybrid indicates the respective authenticator can be contacted using a combination of (often separate) data-transport and proximity mechanisms.

I

IAT - Static variable in class org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimNames

iat - the time at which the ID Token was issued

IAT - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames

iat - A timestamp indicating when the token was issued

IAT - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames

iat - the time at which the ID Token was issued

IAT - Static variable in class org.springframework.security.oauth2.jwt.JwtClaimNames

iat - The Issued at claim identifies the time at which the JWT was issued

id - Variable in class org.springframework.security.taglibs.authz.JspAuthorizeTag

id(String) - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder

Sets the JWT ID (jti) claim, which provides a unique identifier for the JWT.

id(String) - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest.Builder

This is the unique id used in the AbstractSaml2AuthenticationRequest.Builder.samlRequest

id(String) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.Builder

This is the unique id used in the Saml2LogoutRequest.Builder.samlRequest(java.lang.String)

id(String) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredential.PublicKeyCredentialBuilder

Sets the PublicKeyCredential.getId() property

id(String) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRpEntity.PublicKeyCredentialRpEntityBuilder

Sets the PublicKeyCredentialRpEntity.getId() property.

id(Bytes) - Method in class org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity.PublicKeyCredentialUserEntityBuilder

Sets the ImmutablePublicKeyCredentialUserEntity.getId() property.

id(Bytes) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialDescriptor.PublicKeyCredentialDescriptorBuilder

Sets the PublicKeyCredentialDescriptor.getId() property.

ID_TOKEN - Static variable in class org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames

id_token - used in the Access Token Response.

identity() - Static method in interface org.springframework.security.config.ObjectPostProcessor

IDENTITY - Static variable in interface org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator.HttpServletRequestTransformer

IdentityUnavailableException - Exception in org.springframework.security.acls.domain

Thrown if an ACL identity could not be extracted from an object.

IdentityUnavailableException(String) - Constructor for exception org.springframework.security.acls.domain.IdentityUnavailableException

Constructs an IdentityUnavailableException with the specified message.

IdentityUnavailableException(String, Throwable) - Constructor for exception org.springframework.security.acls.domain.IdentityUnavailableException

Constructs an IdentityUnavailableException with the specified message and root cause.

idToken(Consumer<OidcIdToken.Builder>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator

Use the provided OidcIdToken when constructing the authenticated user

idToken(Consumer<OidcIdToken.Builder>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor

Use the provided OidcIdToken when constructing the authenticated user

IdTokenClaimAccessor - Interface in org.springframework.security.oauth2.core.oidc

A ClaimAccessor for the "claims" that can be returned in the ID Token, which provides information about the authentication of an End-User by an Authorization Server.

IdTokenClaimNames - Class in org.springframework.security.oauth2.core.oidc

The names of the "claims" defined by the OpenID Connect Core 1.0 specification that can be returned in the ID Token.

IF_REQUIRED - Enum constant in enum class org.springframework.security.config.http.SessionCreationPolicy

Spring Security will only create an HttpSession if required

ignoring() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity

Allows adding RequestMatcher instances that Spring Security should ignore.

ignoringRequestMatchers(String...) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer

Allows specifying HttpServletRequest that should not use CSRF Protection even if they match the CsrfConfigurer.requireCsrfProtectionMatcher(RequestMatcher).

ignoringRequestMatchers(RequestMatcher...) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer

Allows specifying HttpServletRequests that should not use CSRF Protection even if they match the CsrfConfigurer.requireCsrfProtectionMatcher(RequestMatcher).

ImmutableAuthenticationExtensionsClientInput<T> - Class in org.springframework.security.web.webauthn.api

An immutable AuthenticationExtensionsClientInput.

ImmutableAuthenticationExtensionsClientInput(String, T) - Constructor for class org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientInput

Creates a new instance

ImmutableAuthenticationExtensionsClientInputs - Class in org.springframework.security.web.webauthn.api

An immutable implementation of AuthenticationExtensionsClientInputs.

ImmutableAuthenticationExtensionsClientInputs(List<AuthenticationExtensionsClientInput>) - Constructor for class org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientInputs

ImmutableAuthenticationExtensionsClientInputs(AuthenticationExtensionsClientInput...) - Constructor for class org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientInputs

ImmutableAuthenticationExtensionsClientOutputs - Class in org.springframework.security.web.webauthn.api

An immutable implementation of AuthenticationExtensionsClientOutputs.

ImmutableAuthenticationExtensionsClientOutputs(List<AuthenticationExtensionsClientOutput<?>>) - Constructor for class org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientOutputs

ImmutableAuthenticationExtensionsClientOutputs(AuthenticationExtensionsClientOutput<?>...) - Constructor for class org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientOutputs

ImmutableCredentialRecord - Class in org.springframework.security.web.webauthn.api

An immutable CredentialRecord.

ImmutableCredentialRecord.ImmutableCredentialRecordBuilder - Class in org.springframework.security.web.webauthn.api

ImmutablePublicKeyCose - Class in org.springframework.security.web.webauthn.api

An immutable PublicKeyCose

ImmutablePublicKeyCose(byte[]) - Constructor for class org.springframework.security.web.webauthn.api.ImmutablePublicKeyCose

Creates a new instance.

ImmutablePublicKeyCredentialCreationOptionsRequest - Class in org.springframework.security.web.webauthn.management

An immutable implementation of PublicKeyCredentialCreationOptionsRequest.

ImmutablePublicKeyCredentialCreationOptionsRequest(Authentication) - Constructor for class org.springframework.security.web.webauthn.management.ImmutablePublicKeyCredentialCreationOptionsRequest

ImmutablePublicKeyCredentialRequestOptionsRequest - Class in org.springframework.security.web.webauthn.management

ImmutablePublicKeyCredentialRequestOptionsRequest(Authentication) - Constructor for class org.springframework.security.web.webauthn.management.ImmutablePublicKeyCredentialRequestOptionsRequest

ImmutablePublicKeyCredentialUserEntity - Class in org.springframework.security.web.webauthn.api

PublicKeyCredentialUserEntity is used to supply additional user account attributes when creating a new credential.

ImmutablePublicKeyCredentialUserEntity.PublicKeyCredentialUserEntityBuilder - Class in org.springframework.security.web.webauthn.api

Used to build PublicKeyCredentialUserEntity.

ImmutableRelyingPartyRegistrationRequest - Class in org.springframework.security.web.webauthn.management

Contains the information necessary to register a new Credential.

ImmutableRelyingPartyRegistrationRequest(PublicKeyCredentialCreationOptions, RelyingPartyPublicKey) - Constructor for class org.springframework.security.web.webauthn.management.ImmutableRelyingPartyRegistrationRequest

Creates a new instance.

implies(String...) - Method in class org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl.Builder.ImpliedRoles

Specifies implied role(s) for the current role in the hierarchy.

inboundChannelSecurity(MessageSecurityMetadataSource) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

Deprecated.

inboundMessageSecurityMetadataSource() - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

Deprecated.

includeSubdomains(boolean) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec

Configures if subdomains should be included.

includeSubDomains(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig

Deprecated.

If true, the pinning policy applies to this pinned host as well as any subdomains of the host's domain name.

includeSubDomains(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig

If true, subdomains should be considered HSTS Hosts too.

INDIRECT - Static variable in class org.springframework.security.web.webauthn.api.AttestationConveyancePreference

The indirect preference indicates that the Relying Party wants to receive a verifiable attestation statement, but allows the client to decide how to obtain such an attestation statement.

INET_ORG_PERSON_MAPPER_CLASS - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

InetOrgPerson - Class in org.springframework.security.ldap.userdetails

UserDetails implementation whose properties are based on a subset of the LDAP schema for inetOrgPerson.

InetOrgPerson() - Constructor for class org.springframework.security.ldap.userdetails.InetOrgPerson

InetOrgPerson.Essence - Class in org.springframework.security.ldap.userdetails

InetOrgPersonContextMapper - Class in org.springframework.security.ldap.userdetails

InetOrgPersonContextMapper() - Constructor for class org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper

init() - Method in class org.springframework.security.config.SecurityNamespaceHandler

init(B) - Method in interface org.springframework.security.config.annotation.SecurityConfigurer

Initialize the SecurityBuilder.

init(B) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter

init(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

init(B) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer

init(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer

init(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

init(B) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer

Initialize the SecurityBuilder.

init(H) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer

init(H) - Method in class org.springframework.security.config.annotation.web.configurers.DefaultLoginPageConfigurer

init(H) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer

init(H) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer

Populates a PreAuthenticatedAuthenticationProvider into HttpSecurity.authenticationProvider(org.springframework.security.authentication.AuthenticationProvider) and a Http403ForbiddenEntryPoint into HttpSecurityBuilder.setSharedObject(Class, Object)

init(H) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

init(H) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer

init(H) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer

init(H) - Method in class org.springframework.security.config.annotation.web.configurers.PortMapperConfigurer

init(H) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer

init(H) - Method in class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer

init(H) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer

init(H) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer

init(FilterConfig) - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor

Deprecated.

Not used (we rely on IoC container lifecycle services instead)

init(FilterConfig) - Method in class org.springframework.security.web.debug.DebugFilter

init(AuthenticationManagerBuilder) - Method in class org.springframework.security.config.annotation.authentication.configuration.GlobalAuthenticationConfigurerAdapter

initDao() - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl

initDao() - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

initDao() - Method in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl

initExtractorMap() - Method in class org.springframework.security.web.util.ThrowableAnalyzer

Initializes associations between Throwables and ThrowableCauseExtractors.

initialize() - Static method in class org.springframework.security.saml2.core.OpenSamlInitializationService

Ready OpenSAML for use and configure it with reasonable defaults.

initialize(Subject, CallbackHandler, Map, Map) - Method in class org.springframework.security.authentication.jaas.SecurityContextLoginModule

Initialize this LoginModule.

initializeAuthenticationProviderBeanManagerConfigurer(ApplicationContext) - Static method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration

initializeUserDetailsBeanManagerConfigurer(ApplicationContext) - Static method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration

initUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer

initUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer

Populates the users that have been added.

initUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsServiceConfigurer

Allows subclasses to initialize the UserDetailsService.

inMemoryAuthentication() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder

Add in memory authentication to the AuthenticationManagerBuilder and return a InMemoryUserDetailsManagerConfigurer to allow customization of the in memory authentication.

InMemoryClientRegistrationRepository - Class in org.springframework.security.oauth2.client.registration

A ClientRegistrationRepository that stores ClientRegistration(s) in-memory.

InMemoryClientRegistrationRepository(List<ClientRegistration>) - Constructor for class org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository

Constructs an InMemoryClientRegistrationRepository using the provided parameters.

InMemoryClientRegistrationRepository(Map<String, ClientRegistration>) - Constructor for class org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository

Constructs an InMemoryClientRegistrationRepository using the provided Map of registration id to ClientRegistration.

InMemoryClientRegistrationRepository(ClientRegistration...) - Constructor for class org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository

Constructs an InMemoryClientRegistrationRepository using the provided parameters.

InMemoryConfiguration - Class in org.springframework.security.authentication.jaas.memory

An in memory representation of a JAAS configuration.

InMemoryConfiguration(Map<String, AppConfigurationEntry[]>) - Constructor for class org.springframework.security.authentication.jaas.memory.InMemoryConfiguration

Creates a new instance with a mapping of login context name to an array of AppConfigurationEntrys.

InMemoryConfiguration(Map<String, AppConfigurationEntry[]>, AppConfigurationEntry[]) - Constructor for class org.springframework.security.authentication.jaas.memory.InMemoryConfiguration

Creates a new instance with a mapping of login context name to an array of AppConfigurationEntrys along with a default configuration that will be used if no mapping is found for the given login context name.

InMemoryConfiguration(AppConfigurationEntry[]) - Constructor for class org.springframework.security.authentication.jaas.memory.InMemoryConfiguration

Creates a new instance with only a defaultConfiguration.

InMemoryOAuth2AuthorizedClientService - Class in org.springframework.security.oauth2.client

An OAuth2AuthorizedClientService that stores Authorized Client(s) in-memory.

InMemoryOAuth2AuthorizedClientService(ClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService

Constructs an InMemoryOAuth2AuthorizedClientService using the provided parameters.

InMemoryOAuth2AuthorizedClientService(ClientRegistrationRepository, Map<OAuth2AuthorizedClientId, OAuth2AuthorizedClient>) - Constructor for class org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService

Constructs an InMemoryOAuth2AuthorizedClientService using the provided parameters.

InMemoryOidcSessionRegistry - Class in org.springframework.security.oauth2.client.oidc.session

An in-memory implementation of OidcSessionRegistry

InMemoryOidcSessionRegistry() - Constructor for class org.springframework.security.oauth2.client.oidc.session.InMemoryOidcSessionRegistry

InMemoryOneTimeTokenService - Class in org.springframework.security.authentication.ott

Provides an in-memory implementation of the OneTimeTokenService interface that uses a ConcurrentHashMap to store the generated OneTimeToken.

InMemoryOneTimeTokenService() - Constructor for class org.springframework.security.authentication.ott.InMemoryOneTimeTokenService

InMemoryReactiveClientRegistrationRepository - Class in org.springframework.security.oauth2.client.registration

A Reactive ClientRegistrationRepository that stores ClientRegistration(s) in-memory.

InMemoryReactiveClientRegistrationRepository(List<ClientRegistration>) - Constructor for class org.springframework.security.oauth2.client.registration.InMemoryReactiveClientRegistrationRepository

Constructs an InMemoryReactiveClientRegistrationRepository using the provided parameters.

InMemoryReactiveClientRegistrationRepository(ClientRegistration...) - Constructor for class org.springframework.security.oauth2.client.registration.InMemoryReactiveClientRegistrationRepository

Constructs an InMemoryReactiveClientRegistrationRepository using the provided parameters.

InMemoryReactiveOAuth2AuthorizedClientService - Class in org.springframework.security.oauth2.client

An OAuth2AuthorizedClientService that stores Authorized Client(s) in-memory.

InMemoryReactiveOAuth2AuthorizedClientService(ReactiveClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.InMemoryReactiveOAuth2AuthorizedClientService

Constructs an InMemoryReactiveOAuth2AuthorizedClientService using the provided parameters.

InMemoryReactiveOidcSessionRegistry - Class in org.springframework.security.oauth2.client.oidc.server.session

An in-memory implementation of ReactiveOidcSessionRegistry

InMemoryReactiveOidcSessionRegistry() - Constructor for class org.springframework.security.oauth2.client.oidc.server.session.InMemoryReactiveOidcSessionRegistry

InMemoryReactiveOneTimeTokenService - Class in org.springframework.security.authentication.ott.reactive

Reactive adapter for InMemoryOneTimeTokenService

InMemoryReactiveOneTimeTokenService() - Constructor for class org.springframework.security.authentication.ott.reactive.InMemoryReactiveOneTimeTokenService

InMemoryReactiveSessionRegistry - Class in org.springframework.security.core.session

Provides an in-memory implementation of ReactiveSessionRegistry.

InMemoryReactiveSessionRegistry() - Constructor for class org.springframework.security.core.session.InMemoryReactiveSessionRegistry

InMemoryReactiveSessionRegistry(ConcurrentMap<Object, Set<String>>, Map<String, ReactiveSessionInformation>) - Constructor for class org.springframework.security.core.session.InMemoryReactiveSessionRegistry

InMemoryRelyingPartyRegistrationRepository - Class in org.springframework.security.saml2.provider.service.registration

An in-memory implementation of RelyingPartyRegistrationRepository.

InMemoryRelyingPartyRegistrationRepository(Collection<RelyingPartyRegistration>) - Constructor for class org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository

InMemoryRelyingPartyRegistrationRepository(RelyingPartyRegistration...) - Constructor for class org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository

InMemoryResource - Class in org.springframework.security.util

An in memory implementation of Spring's Resource interface.

InMemoryResource(byte[]) - Constructor for class org.springframework.security.util.InMemoryResource

InMemoryResource(byte[], String) - Constructor for class org.springframework.security.util.InMemoryResource

InMemoryResource(String) - Constructor for class org.springframework.security.util.InMemoryResource

InMemoryTokenRepositoryImpl - Class in org.springframework.security.web.authentication.rememberme

Simple PersistentTokenRepository implementation backed by a Map.

InMemoryTokenRepositoryImpl() - Constructor for class org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl

InMemoryUserDetailsManager - Class in org.springframework.security.provisioning

Non-persistent implementation of UserDetailsManager which is backed by an in-memory map.

InMemoryUserDetailsManager() - Constructor for class org.springframework.security.provisioning.InMemoryUserDetailsManager

InMemoryUserDetailsManager(Collection<UserDetails>) - Constructor for class org.springframework.security.provisioning.InMemoryUserDetailsManager

InMemoryUserDetailsManager(Properties) - Constructor for class org.springframework.security.provisioning.InMemoryUserDetailsManager

InMemoryUserDetailsManager(UserDetails...) - Constructor for class org.springframework.security.provisioning.InMemoryUserDetailsManager

InMemoryUserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>> - Class in org.springframework.security.config.annotation.authentication.configurers.provisioning

Configures an AuthenticationManagerBuilder to have in memory authentication.

InMemoryUserDetailsManagerConfigurer() - Constructor for class org.springframework.security.config.annotation.authentication.configurers.provisioning.InMemoryUserDetailsManagerConfigurer

Creates a new instance

INSECURE_NOOP - Static variable in interface org.springframework.security.web.server.firewall.ServerWebExchangeFirewall

An implementation of StrictServerWebExchangeFirewall that does nothing.

InsecureChannelProcessor - Class in org.springframework.security.web.access.channel

Ensures channel security is inactive by review of HttpServletRequest.isSecure() responses.

InsecureChannelProcessor() - Constructor for class org.springframework.security.web.access.channel.InsecureChannelProcessor

insertAce(int, Permission, Sid, boolean) - Method in class org.springframework.security.acls.domain.AclImpl

insertAce(int, Permission, Sid, boolean) - Method in interface org.springframework.security.acls.model.MutableAcl

insertFilters(ServletContext, Filter...) - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer

Inserts the provided Filters before existing Filters using default generated names, AbstractSecurityWebApplicationInitializer.getSecurityDispatcherTypes(), and AbstractSecurityWebApplicationInitializer.isAsyncSecuritySupported().

instance - Variable in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence

INSTANCE - Static variable in class org.springframework.security.web.util.matcher.AnyRequestMatcher

INSUFFICIENT_PASSWORD_QUALITY - Enum constant in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus

INSUFFICIENT_SCOPE - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes

insufficient_scope - The request requires higher privileges than provided by the access token.

INSUFFICIENT_SCOPE - Static variable in class org.springframework.security.oauth2.server.resource.BearerTokenErrorCodes

insufficient_scope - The request requires higher privileges than provided by the access token.

InsufficientAuthenticationException - Exception in org.springframework.security.authentication

Thrown if an authentication request is rejected because the credentials are not sufficiently trusted.

InsufficientAuthenticationException(String) - Constructor for exception org.springframework.security.authentication.InsufficientAuthenticationException

Constructs an InsufficientAuthenticationException with the specified message.

InsufficientAuthenticationException(String, Throwable) - Constructor for exception org.springframework.security.authentication.InsufficientAuthenticationException

Constructs an InsufficientAuthenticationException with the specified message and root cause.

insufficientScope(String, String) - Static method in class org.springframework.security.oauth2.server.resource.BearerTokenErrors

Create a BearerTokenError caused by an invalid token

InteractiveAuthenticationSuccessEvent - Class in org.springframework.security.authentication.event

Indicates an interactive authentication was successful.

InteractiveAuthenticationSuccessEvent(Authentication, Class<?>) - Constructor for class org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent

intercept(HttpRequest, byte[], ClientHttpRequestExecution) - Method in class org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor

intercept(PayloadExchange, PayloadInterceptorChain) - Method in interface org.springframework.security.rsocket.api.PayloadInterceptor

Process the Web request and (optionally) delegate to the next PayloadInterceptor through the given PayloadInterceptorChain.

intercept(PayloadExchange, PayloadInterceptorChain) - Method in class org.springframework.security.rsocket.authentication.AnonymousPayloadInterceptor

intercept(PayloadExchange, PayloadInterceptorChain) - Method in class org.springframework.security.rsocket.authentication.AuthenticationPayloadInterceptor

intercept(PayloadExchange, PayloadInterceptorChain) - Method in class org.springframework.security.rsocket.authorization.AuthorizationPayloadInterceptor

INTERCEPT_MESSAGE - Static variable in class org.springframework.security.config.Elements

INTERCEPT_METHODS - Static variable in class org.springframework.security.config.Elements

INTERCEPT_URL - Static variable in class org.springframework.security.config.Elements

InterceptMethodsBeanDefinitionDecorator - Class in org.springframework.security.config.method

InterceptMethodsBeanDefinitionDecorator() - Constructor for class org.springframework.security.config.method.InterceptMethodsBeanDefinitionDecorator

InterceptorStatusToken - Class in org.springframework.security.access.intercept

Deprecated.

Use delegation with AuthorizationManager

InterceptorStatusToken(SecurityContext, boolean, Collection<ConfigAttribute>, Object) - Constructor for class org.springframework.security.access.intercept.InterceptorStatusToken

Deprecated.

INTERNAL - Static variable in class org.springframework.security.web.webauthn.api.AuthenticatorTransport

internal indicates the respective authenticator is contacted using a client device-specific transport, i.e., it is a platform authenticator.

INTERNAL_VALIDATION_ERROR - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes

An error happened during validation.

InternalAuthenticationServiceException - Exception in org.springframework.security.authentication

Thrown if an authentication request could not be processed due to a system problem that occurred internally.

InternalAuthenticationServiceException(String) - Constructor for exception org.springframework.security.authentication.InternalAuthenticationServiceException

InternalAuthenticationServiceException(String, Throwable) - Constructor for exception org.springframework.security.authentication.InternalAuthenticationServiceException

interval(long) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse.Builder

Sets the minimum amount of time (in seconds) that the client should wait between polling requests to the token endpoint.

INTERVAL - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

interval - used in Device Authorization Response.

introspect(String) - Method in class org.springframework.security.oauth2.server.resource.introspection.NimbusOpaqueTokenIntrospector

Deprecated.

introspect(String) - Method in class org.springframework.security.oauth2.server.resource.introspection.NimbusReactiveOpaqueTokenIntrospector

Deprecated.

introspect(String) - Method in interface org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector

Introspect and verify the given token, returning its attributes.

introspect(String) - Method in interface org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector

Introspect and verify the given token, returning its attributes.

introspect(String) - Method in class org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector

introspect(String) - Method in class org.springframework.security.oauth2.server.resource.introspection.SpringReactiveOpaqueTokenIntrospector

introspectionClientCredentials(String, String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer

introspectionClientCredentials(String, String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec

Configures the credentials for Introspection endpoint

introspectionUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer

introspectionUri(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec

Configures the URI of the Introspection endpoint

introspector(OpaqueTokenIntrospector) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer

introspector(ReactiveOpaqueTokenIntrospector) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec

INVALID_ASSERTION - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes

The assertion was not valid.

INVALID_CLIENT - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes

invalid_client - Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method).

INVALID_DESTINATION - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes

Response destination does not match the request URL.

INVALID_GRANT - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes

invalid_grant - The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.

INVALID_IN_RESPONSE_TO - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes

The InResponseTo content of the response does not match the ID of the AuthNRequest.

INVALID_ISSUER - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes

An Issuer element contained a value that didn't https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=15

INVALID_REDIRECT_URI - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes

invalid_redirect_uri - The value of one or more redirection URIs is invalid.

INVALID_REQUEST - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes

invalid_request - The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.

INVALID_REQUEST - Static variable in class org.springframework.security.oauth2.server.resource.BearerTokenErrorCodes

invalid_request - The request is missing a required parameter, includes an unsupported parameter or parameter value, repeats the same parameter, uses more than one method for including an access token, or is otherwise malformed.

INVALID_REQUEST - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes

Request is invalid in a general way.

INVALID_RESPONSE - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes

Response is invalid in a general way.

INVALID_SCOPE - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes

invalid_scope - The requested scope is invalid, unknown, malformed or exceeds the scope granted by the resource owner.

INVALID_SIGNATURE - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes

The signature of response or assertion was invalid.

INVALID_TOKEN - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes

invalid_token - The access token provided is expired, revoked, malformed, or invalid for other reasons.

INVALID_TOKEN - Static variable in class org.springframework.security.oauth2.server.resource.BearerTokenErrorCodes

invalid_token - The access token provided is expired, revoked, malformed, or invalid for other reasons.

invalidate() - Method in class org.springframework.security.core.session.ReactiveSessionInformation

invalidateHttpSession(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

Configures SecurityContextLogoutHandler to invalidate the HttpSession at the time of logout.

InvalidateLeastUsedServerMaximumSessionsExceededHandler - Class in org.springframework.security.web.server.authentication

Implementation of ServerMaximumSessionsExceededHandler that invalidates the least recently used ReactiveSessionInformation and removes the related sessions from the WebSessionStore.

InvalidateLeastUsedServerMaximumSessionsExceededHandler(WebSessionStore) - Constructor for class org.springframework.security.web.server.authentication.InvalidateLeastUsedServerMaximumSessionsExceededHandler

InvalidBearerTokenException - Exception in org.springframework.security.oauth2.server.resource

An OAuth2AuthenticationException that indicates an invalid bearer token.

InvalidBearerTokenException(String) - Constructor for exception org.springframework.security.oauth2.server.resource.InvalidBearerTokenException

Construct an instance of InvalidBearerTokenException given the provided description.

InvalidBearerTokenException(String, Throwable) - Constructor for exception org.springframework.security.oauth2.server.resource.InvalidBearerTokenException

Construct an instance of InvalidBearerTokenException given the provided description and cause The description will be wrapped into an OAuth2Error instance as the error_description.

InvalidCookieException - Exception in org.springframework.security.web.authentication.rememberme

Exception thrown by a RememberMeServices implementation to indicate that a submitted cookie is of an invalid format or has expired.

InvalidCookieException(String) - Constructor for exception org.springframework.security.web.authentication.rememberme.InvalidCookieException

InvalidCsrfTokenException - Exception in org.springframework.security.web.csrf

Thrown when an expected CsrfToken exists, but it does not match the value present on the HttpServletRequest

InvalidCsrfTokenException(CsrfToken, String) - Constructor for exception org.springframework.security.web.csrf.InvalidCsrfTokenException

InvalidOneTimeTokenException - Exception in org.springframework.security.authentication.ott

An AuthenticationException that indicates an invalid one-time token.

InvalidOneTimeTokenException(String) - Constructor for exception org.springframework.security.authentication.ott.InvalidOneTimeTokenException

invalidRequest(String) - Static method in class org.springframework.security.oauth2.server.resource.BearerTokenErrors

Create a BearerTokenError caused by an invalid request

InvalidSessionAccessDeniedHandler - Class in org.springframework.security.web.session

An adapter of InvalidSessionStrategy to AccessDeniedHandler

InvalidSessionAccessDeniedHandler(InvalidSessionStrategy) - Constructor for class org.springframework.security.web.session.InvalidSessionAccessDeniedHandler

Creates a new instance

invalidSessionStrategy(InvalidSessionStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer

Setting this attribute will inject the provided invalidSessionStrategy into the SessionManagementFilter.

InvalidSessionStrategy - Interface in org.springframework.security.web.session

Determines the behaviour of the SessionManagementFilter when an invalid session Id is submitted and detected in the SessionManagementFilter.

invalidSessionUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer

Setting this attribute will inject the SessionManagementFilter with a SimpleRedirectInvalidSessionStrategy configured with the attribute value.

invalidToken(String) - Static method in class org.springframework.security.oauth2.server.resource.BearerTokenErrors

Create a BearerTokenError caused by an invalid token

INVOCATION_ATTRIBUTE_FACTORY - Static variable in class org.springframework.security.config.Elements

INVOCATION_HANDLING - Static variable in class org.springframework.security.config.Elements

INVOCATIONTARGET_EXTRACTOR - Static variable in class org.springframework.security.web.util.ThrowableAnalyzer

Default extractor for InvocationTargetException instances.

invoke(MethodInvocation) - Method in class org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor

Deprecated.

This method should be used to enforce security on a MethodInvocation.

invoke(MethodInvocation) - Method in class org.springframework.security.access.prepost.PrePostAdviceReactiveMethodInterceptor

Deprecated.

invoke(MethodInvocation) - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor

Determine if an Authentication has access to the MethodInvocation using the AuthorizationManager.

invoke(MethodInvocation) - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterReactiveMethodInterceptor

Determines if an Authentication has access to the returned object from the MethodInvocation using the configured ReactiveAuthorizationManager.

invoke(MethodInvocation) - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor

Determine if an Authentication has access to the MethodInvocation using the configured AuthorizationManager.

invoke(MethodInvocation) - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeReactiveMethodInterceptor

Determines if an Authentication has access to the MethodInvocation using the configured ReactiveAuthorizationManager.

invoke(MethodInvocation) - Method in class org.springframework.security.authorization.method.AuthorizeReturnObjectMethodInterceptor

invoke(MethodInvocation) - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor

Filter a returnedObject using the PostFilter annotation that the MethodInvocation specifies.

invoke(MethodInvocation) - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationReactiveMethodInterceptor

Filters the returned object from the MethodInvocation by evaluating an expression from the PostFilter annotation.

invoke(MethodInvocation) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor

Filter the method argument specified in the PreFilter annotation that MethodInvocation specifies.

invoke(MethodInvocation) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor

Filters a reactive method argument by evaluating an expression from the PreFilter annotation.

invoke(JoinPoint) - Method in class org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor

Deprecated.

Method that is suitable for user with @Aspect notation.

invoke(JoinPoint, AspectJCallback) - Method in class org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor

Deprecated.

Method that is suitable for user with traditional AspectJ-code aspects.

invoke(FilterInvocation) - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor

Deprecated.

invokeAll(Collection) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService

invokeAll(Collection, long, TimeUnit) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService

invokeAny(Collection) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService

invokeAny(Collection, long, TimeUnit) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService

IpAddressAuthorizationManager - Class in org.springframework.security.web.access

A AuthorizationManager, that determines if the current request contains the specified address or range of addresses

IpAddressMatcher - Class in org.springframework.security.web.util.matcher

Matches a request based on IP Address or subnet mask matching against the remote address.

IpAddressMatcher(String) - Constructor for class org.springframework.security.web.util.matcher.IpAddressMatcher

Takes a specific IP address or a range specified using the IP/Netmask (e.g.

IpAddressReactiveAuthorizationManager - Class in org.springframework.security.web.server.authorization

A ReactiveAuthorizationManager, that determines if the current request contains the specified address or range of addresses

IpAddressServerWebExchangeMatcher - Class in org.springframework.security.web.server.util.matcher

Matches a request based on IP Address or subnet mask matching against the remote address.

IpAddressServerWebExchangeMatcher(String) - Constructor for class org.springframework.security.web.server.util.matcher.IpAddressServerWebExchangeMatcher

Takes a specific IP address or a range specified using the IP/Netmask (e.g.

IS_AUTHENTICATED_ANONYMOUSLY - Static variable in class org.springframework.security.access.vote.AuthenticatedVoter

Deprecated.

IS_AUTHENTICATED_FULLY - Static variable in class org.springframework.security.access.vote.AuthenticatedVoter

Deprecated.

IS_AUTHENTICATED_REMEMBERED - Static variable in class org.springframework.security.access.vote.AuthenticatedVoter

Deprecated.

isAbsoluteUrl(String) - Static method in class org.springframework.security.web.util.UrlUtils

Decides if a URL is absolute based on whether it contains a valid scheme name, as defined in RFC 1738.

isAccountNonExpired() - Method in class org.springframework.security.core.userdetails.User

isAccountNonExpired() - Method in interface org.springframework.security.core.userdetails.UserDetails

Indicates whether the user's account has expired.

isAccountNonExpired() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl

isAccountNonLocked() - Method in class org.springframework.security.core.userdetails.User

isAccountNonLocked() - Method in interface org.springframework.security.core.userdetails.UserDetails

Indicates whether the user is locked or unlocked.

isAccountNonLocked() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl

isAclClassIdSupported() - Method in class org.springframework.security.acls.jdbc.JdbcAclService

isActive() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor

Returns the indicator (active) whether or not the token is currently active

isAllowed(String, String, String, Authentication) - Method in class org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator

isAllowed(String, String, String, Authentication) - Method in class org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator

Deprecated.

Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .

isAllowed(String, String, String, Authentication) - Method in class org.springframework.security.web.access.RequestMatcherDelegatingWebInvocationPrivilegeEvaluator

Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.

isAllowed(String, String, String, Authentication) - Method in interface org.springframework.security.web.access.WebInvocationPrivilegeEvaluator

Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .

isAllowed(String, Authentication) - Method in class org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator

isAllowed(String, Authentication) - Method in class org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator

Deprecated.

Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.

isAllowed(String, Authentication) - Method in class org.springframework.security.web.access.RequestMatcherDelegatingWebInvocationPrivilegeEvaluator

Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.

isAllowed(String, Authentication) - Method in interface org.springframework.security.web.access.WebInvocationPrivilegeEvaluator

Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.

isAllowed(MethodInvocation, Authentication) - Method in class org.springframework.security.access.intercept.MethodInvocationPrivilegeEvaluator

Deprecated.

isAllowIfAllAbstainDecisions() - Method in class org.springframework.security.access.vote.AbstractAccessDecisionManager

Deprecated.

isAllowIfEqualGrantedDeniedDecisions() - Method in class org.springframework.security.access.vote.ConsensusBased

Deprecated.

isAllowSessionCreation() - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler

isAlwaysReauthenticate() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor

Deprecated.

isAlwaysUseDefaultTargetUrl() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler

isAnonymous() - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations

Determines if the SecurityExpressionOperations.getAuthentication() is anonymous

isAnonymous() - Method in class org.springframework.security.access.expression.SecurityExpressionRoot

isAnonymous(Authentication) - Method in interface org.springframework.security.authentication.AuthenticationTrustResolver

Indicates whether the passed Authentication token represents an anonymous user.

isAnonymous(Authentication) - Method in class org.springframework.security.authentication.AuthenticationTrustResolverImpl

isAsyncSecuritySupported() - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer

Determine if the springSecurityFilterChain should be marked as supporting async.

isAuditFailure() - Method in class org.springframework.security.acls.domain.AccessControlEntryImpl

isAuditFailure() - Method in interface org.springframework.security.acls.model.AuditableAccessControlEntry

isAuditSuccess() - Method in class org.springframework.security.acls.domain.AccessControlEntryImpl

isAuditSuccess() - Method in interface org.springframework.security.acls.model.AuditableAccessControlEntry

isAuthenticateAllArtifacts() - Method in class org.springframework.security.cas.ServiceProperties

isAuthenticated() - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations

Determines ifthe SecurityExpressionOperations.getAuthentication() is authenticated

isAuthenticated() - Method in class org.springframework.security.access.expression.SecurityExpressionRoot

isAuthenticated() - Method in class org.springframework.security.authentication.AbstractAuthenticationToken

isAuthenticated() - Method in interface org.springframework.security.core.Authentication

Used to indicate to AbstractSecurityInterceptor whether it should present the authentication token to the AuthenticationManager.

isAuthenticated() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken

isAuthenticated() - Method in class org.springframework.security.web.authentication.HttpMessageConverterAuthenticationSuccessHandler.AuthenticationSuccess

isAuthenticated(Authentication) - Method in interface org.springframework.security.authentication.AuthenticationTrustResolver

Checks if the Authentication is not null, authenticated, and not anonymous.

isAuthnRequestsSigned() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration

Get the AuthnRequestsSigned setting.

isBackupEligible() - Method in interface org.springframework.security.web.webauthn.api.CredentialRecord

The backupElgible flag is the same as the BE flag in authData.

isBackupEligible() - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord

isBackupState() - Method in interface org.springframework.security.web.webauthn.api.CredentialRecord

The backupState flag is the same as the BS flag in authData.

isBackupState() - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord

isBase64(byte[]) - Static method in class org.springframework.security.crypto.codec.Base64

Deprecated.

isChangeAfterReset() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl

isCleared() - Method in class org.springframework.security.core.context.SecurityContextChangedEvent

Say whether the event is a context-clearing event.

isCompromised() - Method in class org.springframework.security.authentication.password.CompromisedPasswordDecision

isConfigured() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder

Determines if the AuthenticationManagerBuilder is configured to build a non null AuthenticationManager.

isContextHolderRefreshRequired() - Method in class org.springframework.security.access.intercept.InterceptorStatusToken

Deprecated.

isContextRelative() - Method in class org.springframework.security.web.DefaultRedirectStrategy

Returns true, if the redirection URL should be calculated minus the protocol and context path (defaults to false).

isContextSaved() - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper

Deprecated.

Tells if the response wrapper has called saveContext() because of this wrapper.

isConvertToUpperCase() - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator

Returns true if role names are converted to uppercase Method available so that classes extending this can override

isCredentialsNonExpired() - Method in class org.springframework.security.core.userdetails.User

isCredentialsNonExpired() - Method in interface org.springframework.security.core.userdetails.UserDetails

Indicates whether the user's credentials (password) has expired.

isCredentialsNonExpired() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl

isCritical() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyControl

Returns whether the control is critical for the client.

isCustomLoginPage() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

isDecryptionCredential() - Method in class org.springframework.security.saml2.core.Saml2X509Credential

Indicate whether this credential can be used for decryption

isDisableOnResponseCommitted() - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper

Returns true if OnCommittedResponseWrapper.onResponseCommitted() will be invoked when the response is committed, else false.

isEnabled() - Method in class org.springframework.security.core.userdetails.memory.UserAttribute

isEnabled() - Method in class org.springframework.security.core.userdetails.User

isEnabled() - Method in interface org.springframework.security.core.userdetails.UserDetails

Indicates whether the user is enabled or disabled.

isEnabled() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl

isEnabled() - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

isEncryptionCredential() - Method in class org.springframework.security.saml2.core.Saml2X509Credential

Indicate whether this credential can be used for encryption

isEnforceCredentialProtectionPolicy() - Method in class org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput.CredProtect

isEntriesInheriting() - Method in class org.springframework.security.acls.domain.AclImpl

isEntriesInheriting() - Method in interface org.springframework.security.acls.model.Acl

Indicates whether the ACL entries from the Acl.getParentAcl() should flow down into the current Acl.

isEraseCredentialsAfterAuthentication() - Method in class org.springframework.security.authentication.ProviderManager

isExpired() - Method in class org.springframework.security.core.session.ReactiveSessionInformation

isExpired() - Method in class org.springframework.security.core.session.SessionInformation

isExpired() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl

isForceHttps() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint

isForcePrincipalAsString() - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

isFullyAuthenticated() - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations

Determines if the SecurityExpressionOperations.getAuthentication() authenticated without the use of remember me

isFullyAuthenticated() - Method in class org.springframework.security.access.expression.SecurityExpressionRoot

isFullyAuthenticated(Authentication) - Method in interface org.springframework.security.authentication.AuthenticationTrustResolver

Indicates whether the passed Authentication token represents a fully authenticated user (that is, neither anonymous or remember-me).

isGenerated() - Method in interface org.springframework.security.core.context.DeferredSecurityContext

Returns true if Supplier.get() refers to a generated SecurityContext or false if it already existed.

isGenerated() - Method in interface org.springframework.security.web.csrf.DeferredCsrfToken

Returns true if DeferredCsrfToken.get() refers to a generated CsrfToken or false if it already existed.

isGranted() - Method in class org.springframework.security.authorization.AuthorizationDecision

isGranted() - Method in exception org.springframework.security.authorization.AuthorizationDeniedException

isGranted() - Method in interface org.springframework.security.authorization.AuthorizationResult

isGranted(List<Permission>, List<Sid>, boolean) - Method in class org.springframework.security.acls.domain.AclImpl

Delegates to the PermissionGrantingStrategy.

isGranted(List<Permission>, List<Sid>, boolean) - Method in interface org.springframework.security.acls.model.Acl

This is the actual authorization logic method, and must be used whenever ACL authorization decisions are required.

isGranted(AccessControlEntry, Permission) - Method in class org.springframework.security.acls.domain.DefaultPermissionGrantingStrategy

Compares an ACE Permission to the given Permission.

isGranted(Acl, List<Permission>, List<Sid>, boolean) - Method in class org.springframework.security.acls.domain.DefaultPermissionGrantingStrategy

Determines authorization.

isGranted(Acl, List<Permission>, List<Sid>, boolean) - Method in interface org.springframework.security.acls.model.PermissionGrantingStrategy

Returns true if the supplied strategy decides that the supplied Acl grants access based on the supplied list of permissions and sids.

isGranting() - Method in class org.springframework.security.acls.domain.AccessControlEntryImpl

isGranting() - Method in interface org.springframework.security.acls.model.AccessControlEntry

Indicates the permission is being granted to the relevant Sid.

isHideUserNotFoundExceptions() - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

isHtmlEscape() - Method in class org.springframework.security.taglibs.authz.AuthenticationTag

Return the HTML escaping setting for this tag, or the default setting if not overridden.

isIgnoreFailure() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter

isIgnoreUnknown() - Method in class org.springframework.security.authorization.method.PrePostTemplateDefaults

Deprecated.

Whether template resolution should ignore placeholders it doesn't recognize.

isIgnoreUnknown() - Method in class org.springframework.security.core.annotation.AnnotationTemplateExpressionDefaults

Whether template resolution should ignore placeholders it doesn't recognize.

isInvalidateHttpSession() - Method in class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler

isLocked() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl

Determines whether an account locked error has been returned.

isLogInteractiveAuthenticationSuccessEvents() - Method in class org.springframework.security.authentication.event.LoggerListener

isMatch() - Method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcher.MatchResult

isMatch() - Method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult

isMatch() - Method in class org.springframework.security.web.util.matcher.RequestMatcher.MatchResult

isMergeEnabled() - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder

isMergeEnabled() - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.LogoutRequestBuilder

isObserveOncePerRequest() - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter

isObserveOncePerRequest() - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor

Deprecated.

Indicates whether once-per-request handling will be observed.

isPerInstance() - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor

isPerInstance() - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterReactiveMethodInterceptor

isPerInstance() - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor

isPerInstance() - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeReactiveMethodInterceptor

isPerInstance() - Method in class org.springframework.security.authorization.method.AuthorizeReturnObjectMethodInterceptor

isPerInstance() - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor

isPerInstance() - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationReactiveMethodInterceptor

isPerInstance() - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor

isPerInstance() - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor

isRejectPublicInvocations() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor

Deprecated.

isRememberMe() - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations

Determines if the SecurityExpressionOperations.getAuthentication() was authenticated using remember me

isRememberMe() - Method in class org.springframework.security.access.expression.SecurityExpressionRoot

isRememberMe(Authentication) - Method in interface org.springframework.security.authentication.AuthenticationTrustResolver

Indicates whether the passed Authentication token represents user that has been remembered (i.e.

isRememberMe(Authentication) - Method in class org.springframework.security.authentication.AuthenticationTrustResolverImpl

isRequest() - Method in enum class org.springframework.security.rsocket.api.PayloadExchangeType

Determines if this exchange is a type of request (i.e.

isRk() - Method in class org.springframework.security.web.webauthn.api.CredentialPropertiesOutput.ExtensionOutput

This OPTIONAL property, known abstractly as the resident key credential property (i.e., client-side discoverable credential property), is a Boolean value indicating whether the PublicKeyCredential returned as a result of a registration ceremony is a client-side discoverable credential.

isRunning() - Method in class org.springframework.security.ldap.server.ApacheDSContainer

Deprecated.

isRunning() - Method in class org.springframework.security.ldap.server.UnboundIdContainer

ISS - Static variable in class org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimNames

iss - the Issuer identifier

ISS - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames

iss - The issuer of the token

ISS - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames

iss - the Issuer identifier

ISS - Static variable in class org.springframework.security.oauth2.jwt.JwtClaimNames

iss - the Issuer claim identifies the principal that issued the JWT

isSecure() - Method in class org.springframework.security.web.savedrequest.SavedCookie

isSendRenew() - Method in class org.springframework.security.cas.ServiceProperties

Indicates whether the renew parameter should be sent to the CAS login URL and CAS validation URL.

isShutdown() - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService

isSidLoaded(List<Sid>) - Method in class org.springframework.security.acls.domain.AclImpl

isSidLoaded(List<Sid>) - Method in interface org.springframework.security.acls.model.Acl

For efficiency reasons an Acl may be loaded and not contain entries for every Sid in the system.

isSigningCredential() - Method in class org.springframework.security.saml2.core.Saml2X509Credential

Indicate whether this credential can be used for signing

isSimpDestPathMatcherConfigured() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry

Deprecated.

Determines if the MessageSecurityMetadataSourceRegistry.simpDestPathMatcher(PathMatcher) has been explicitly set.

isSingleton() - Method in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean

isSingleton() - Method in class org.springframework.security.core.token.SecureRandomFactoryBean

isStateless() - Method in class org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken

isSuccess() - Method in class org.springframework.security.web.webauthn.registration.WebAuthnRegistrationFilter.SuccessfulUserRegistrationResponse

ISSUED_TOKEN_TYPE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

issued_token_type - used in Token Exchange Access Token Response.

issuedAt(Instant) - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder

Use this issued-at timestamp in the resulting OidcLogoutToken

issuedAt(Instant) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder

Use this issued-at timestamp in the resulting OidcIdToken

issuedAt(Instant) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder

Use this issued-at timestamp in the resulting Jwt

issuedAt(Instant) - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder

Sets the issued at (iat) claim, which identifies the time at which the JWT was issued.

issuer(String) - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder

Use this issuer in the resulting OidcLogoutToken

issuer(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder

Use this issuer in the resulting OidcIdToken

issuer(String) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder

Use this issuer in the resulting Jwt

issuer(String) - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder

Sets the issuer (iss) claim, which identifies the principal that issued the JWT.

issuerUri(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder

Sets the issuer identifier uri for the OpenID Connect 1.0 provider or the OAuth 2.0 Authorization Server.

isTerminated() - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService

isTokenExpired(long) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices

isUiSecurityDisabled() - Static method in class org.springframework.security.taglibs.TagLibConfig

isUseForward() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint

isUseForward() - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler

isUserInRole(String) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper

Simple searches for an exactly matching GrantedAuthority.getAuthority().

isUsernameBasedPrimaryKey() - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl

isUsingGraceLogins() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl

isUvInitialized() - Method in interface org.springframework.security.web.webauthn.api.CredentialRecord

uvInitialized is the value of the UV (user verified) flag in authData and indicates whether any credential from this public key credential source has had the UV flag set.

isUvInitialized() - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord

isValid() - Method in class org.springframework.security.core.userdetails.memory.UserAttribute

isValidateConfigAttributes() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor

Deprecated.

isValidRedirectUrl(String) - Static method in class org.springframework.security.web.util.UrlUtils

Returns true if the supplied URL starts with a "/" or is absolute.

isVerificationCredential() - Method in class org.springframework.security.saml2.core.Saml2X509Credential

Indicate whether this credential can be used for verification

IterableRelyingPartyRegistrationRepository - Interface in org.springframework.security.saml2.provider.service.registration

An interface that simplifies APIs which require the RelyingPartyRegistrationRepository to also be Iterable

iterator() - Method in class org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory

iterator() - Method in class org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository

Returns an Iterator of ClientRegistration.

iterator() - Method in class org.springframework.security.oauth2.client.registration.InMemoryReactiveClientRegistrationRepository

Returns an Iterator of ClientRegistration.

iterator() - Method in class org.springframework.security.oauth2.client.registration.SupplierClientRegistrationRepository

Returns an Iterator of ClientRegistration.

iterator() - Method in class org.springframework.security.saml2.provider.service.registration.CachingRelyingPartyRegistrationRepository

iterator() - Method in class org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository

J

J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource - Class in org.springframework.security.web.authentication.preauth.j2ee

Implementation of AuthenticationDetailsSource which converts the user's J2EE roles (as obtained by calling HttpServletRequest.isUserInRole(String)) into GrantedAuthoritys and stores these in the authentication details object.

J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource() - Constructor for class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource

j2eeMappableRoles - Variable in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource

The role attributes returned by the configured MappableAttributesRetriever

j2eePreAuthenticatedProcessingFilter(J2eePreAuthenticatedProcessingFilter) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer

Allows specifying the J2eePreAuthenticatedProcessingFilter to use.

J2eePreAuthenticatedProcessingFilter - Class in org.springframework.security.web.authentication.preauth.j2ee

This AbstractPreAuthenticatedProcessingFilter implementation is based on the J2EE container-based authentication mechanism.

J2eePreAuthenticatedProcessingFilter() - Constructor for class org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter

j2eeUserRoles2GrantedAuthoritiesMapper - Variable in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource

JaasApiIntegrationFilter - Class in org.springframework.security.web.jaasapi

A Filter which attempts to obtain a JAAS Subject and continue the FilterChain running as that Subject.

JaasApiIntegrationFilter() - Constructor for class org.springframework.security.web.jaasapi.JaasApiIntegrationFilter

JaasAuthenticationCallbackHandler - Interface in org.springframework.security.authentication.jaas

The JaasAuthenticationCallbackHandler is similar to the javax.security.auth.callback.CallbackHandler interface in that it defines a handle method.

JaasAuthenticationEvent - Class in org.springframework.security.authentication.jaas.event

Parent class for events fired by the JaasAuthenticationProvider.

JaasAuthenticationEvent(Authentication) - Constructor for class org.springframework.security.authentication.jaas.event.JaasAuthenticationEvent

The Authentication object is stored as the ApplicationEvent 'source'.

JaasAuthenticationFailedEvent - Class in org.springframework.security.authentication.jaas.event

Fired when LoginContext.login throws a LoginException, or if any other exception is thrown during that time.

JaasAuthenticationFailedEvent(Authentication, Exception) - Constructor for class org.springframework.security.authentication.jaas.event.JaasAuthenticationFailedEvent

JaasAuthenticationProvider - Class in org.springframework.security.authentication.jaas

An AuthenticationProvider implementation that retrieves user details from a JAAS login configuration.

JaasAuthenticationProvider() - Constructor for class org.springframework.security.authentication.jaas.JaasAuthenticationProvider

JaasAuthenticationSuccessEvent - Class in org.springframework.security.authentication.jaas.event

Fired by the JaasAuthenticationProvider after successfully logging the user into the LoginContext, handling all callbacks, and calling all AuthorityGranters.

JaasAuthenticationSuccessEvent(Authentication) - Constructor for class org.springframework.security.authentication.jaas.event.JaasAuthenticationSuccessEvent

JaasAuthenticationToken - Class in org.springframework.security.authentication.jaas

UsernamePasswordAuthenticationToken extension to carry the Jaas LoginContext that the user was logged into

JaasAuthenticationToken(Object, Object, List<GrantedAuthority>, LoginContext) - Constructor for class org.springframework.security.authentication.jaas.JaasAuthenticationToken

JaasAuthenticationToken(Object, Object, LoginContext) - Constructor for class org.springframework.security.authentication.jaas.JaasAuthenticationToken

JaasGrantedAuthority - Class in org.springframework.security.authentication.jaas

GrantedAuthority which, in addition to the assigned role, holds the principal that an AuthorityGranter used as a reason to grant this authority.

JaasGrantedAuthority(String, Principal) - Constructor for class org.springframework.security.authentication.jaas.JaasGrantedAuthority

JaasNameCallbackHandler - Class in org.springframework.security.authentication.jaas

The most basic Callbacks to be handled when using a LoginContext from JAAS, are the NameCallback and PasswordCallback.

JaasNameCallbackHandler() - Constructor for class org.springframework.security.authentication.jaas.JaasNameCallbackHandler

JaasPasswordCallbackHandler - Class in org.springframework.security.authentication.jaas

The most basic Callbacks to be handled when using a LoginContext from JAAS, are the NameCallback and PasswordCallback.

JaasPasswordCallbackHandler() - Constructor for class org.springframework.security.authentication.jaas.JaasPasswordCallbackHandler

JDBC_USER_SERVICE - Static variable in class org.springframework.security.config.Elements

JdbcAclService - Class in org.springframework.security.acls.jdbc

Simple JDBC-based implementation of AclService.

JdbcAclService(DataSource, LookupStrategy) - Constructor for class org.springframework.security.acls.jdbc.JdbcAclService

JdbcAclService(JdbcOperations, LookupStrategy) - Constructor for class org.springframework.security.acls.jdbc.JdbcAclService

jdbcAuthentication() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder

Add JDBC authentication to the AuthenticationManagerBuilder and return a JdbcUserDetailsManagerConfigurer to allow customization of the JDBC authentication.

JdbcDaoImpl - Class in org.springframework.security.core.userdetails.jdbc

UserDetailsService implementation which retrieves the user details (username, password, enabled flag, and authorities) from a database using JDBC queries.

JdbcDaoImpl() - Constructor for class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl

JdbcMutableAclService - Class in org.springframework.security.acls.jdbc

Provides a base JDBC implementation of MutableAclService.

JdbcMutableAclService(DataSource, LookupStrategy, AclCache) - Constructor for class org.springframework.security.acls.jdbc.JdbcMutableAclService

JdbcOAuth2AuthorizedClientService - Class in org.springframework.security.oauth2.client

A JDBC implementation of an OAuth2AuthorizedClientService that uses a JdbcOperations for OAuth2AuthorizedClient persistence.

JdbcOAuth2AuthorizedClientService(JdbcOperations, ClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService

Constructs a JdbcOAuth2AuthorizedClientService using the provided parameters.

JdbcOAuth2AuthorizedClientService(JdbcOperations, ClientRegistrationRepository, LobHandler) - Constructor for class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService

Constructs a JdbcOAuth2AuthorizedClientService using the provided parameters.

JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder - Class in org.springframework.security.oauth2.client

A holder for an OAuth2AuthorizedClient and End-User Authentication (Resource Owner).

JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper - Class in org.springframework.security.oauth2.client

The default Function that maps JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder to a List of SqlParameterValue.

JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper - Class in org.springframework.security.oauth2.client

The default RowMapper that maps the current row in java.sql.ResultSet to OAuth2AuthorizedClient.

JdbcOneTimeTokenService - Class in org.springframework.security.authentication.ott

A JDBC implementation of an OneTimeTokenService that uses a JdbcOperations for OneTimeToken persistence.

JdbcOneTimeTokenService(JdbcOperations) - Constructor for class org.springframework.security.authentication.ott.JdbcOneTimeTokenService

Constructs a JdbcOneTimeTokenService using the provide parameters.

jdbcOperations - Variable in class org.springframework.security.acls.jdbc.JdbcAclService

jdbcOperations - Variable in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService

JdbcTokenRepositoryImpl - Class in org.springframework.security.web.authentication.rememberme

JDBC based persistent login token repository implementation.

JdbcTokenRepositoryImpl() - Constructor for class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl

JdbcUserDetailsManager - Class in org.springframework.security.provisioning

Jdbc user management service, based on the same table structure as its parent class, JdbcDaoImpl.

JdbcUserDetailsManager() - Constructor for class org.springframework.security.provisioning.JdbcUserDetailsManager

JdbcUserDetailsManager(DataSource) - Constructor for class org.springframework.security.provisioning.JdbcUserDetailsManager

JdbcUserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>> - Class in org.springframework.security.config.annotation.authentication.configurers.provisioning

Configures an AuthenticationManagerBuilder to have JDBC authentication.

JdbcUserDetailsManagerConfigurer() - Constructor for class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer

JdbcUserDetailsManagerConfigurer(JdbcUserDetailsManager) - Constructor for class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer

JdbcUserServiceBeanDefinitionParser - Class in org.springframework.security.config.authentication

JdbcUserServiceBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.JdbcUserServiceBeanDefinitionParser

jee() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HttpSecurity.jee(Customizer) or jee(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

jee(Customizer<JeeConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configures container based pre authentication.

JEE - Static variable in class org.springframework.security.config.Elements

JeeConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Adds support for J2EE pre authentication.

JeeConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.JeeConfigurer

Creates a new instance

JKU - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames

jku - the JWK Set URL header is a URI that refers to a resource for a set of JSON-encoded public keys, one of which corresponds to the key used to digitally sign a JWS or encrypt a JWE

JoseHeaderNames - Class in org.springframework.security.oauth2.jwt

The Registered Header Parameter Names defined by the JSON Web Token (JWT), JSON Web Signature (JWS) and JSON Web Encryption (JWE) specifications that may be contained in the JOSE Header of a JWT.

JspAuthorizeTag - Class in org.springframework.security.taglibs.authz

A JSP Tag implementation of AbstractAuthorizeTag.

JspAuthorizeTag() - Constructor for class org.springframework.security.taglibs.authz.JspAuthorizeTag

jsr250() - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor

Creates an interceptor for the JSR-250 annotations

jsr250(AuthorizationManager<MethodInvocation>) - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor

Creates an interceptor for the JSR-250 annotations

jsr250(Jsr250AuthorizationManager) - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor

Creates an interceptor for the JSR-250 annotations

JSR250 - Enum constant in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder

Jsr250AuthorizationManager - Class in org.springframework.security.authorization.method

An AuthorizationManager which can determine if an Authentication may invoke the MethodInvocation by evaluating if the Authentication contains a specified authority from the JSR-250 security annotations.

Jsr250AuthorizationManager() - Constructor for class org.springframework.security.authorization.method.Jsr250AuthorizationManager

Jsr250AuthorizationMethodInterceptor() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor

jsr250Enabled() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity

Deprecated.

Determines if JSR-250 annotations should be enabled.

jsr250Enabled() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity

Determines if JSR-250 annotations should be enabled.

Jsr250MethodSecurityMetadataSource - Class in org.springframework.security.access.annotation

Deprecated.

Use Jsr250AuthorizationManager instead

Jsr250MethodSecurityMetadataSource() - Constructor for class org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource

Deprecated.

Jsr250SecurityConfig - Class in org.springframework.security.access.annotation

Deprecated.

Use AuthorizationManagerBeforeMethodInterceptor.jsr250() instead

Jsr250SecurityConfig(String) - Constructor for class org.springframework.security.access.annotation.Jsr250SecurityConfig

Deprecated.

Jsr250Voter - Class in org.springframework.security.access.annotation

Deprecated.

Use Jsr250AuthorizationManager instead

Jsr250Voter() - Constructor for class org.springframework.security.access.annotation.Jsr250Voter

Deprecated.

jti(String) - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder

Use this id to identify the resulting OidcLogoutToken

jti(String) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder

Use this identifier in the resulting Jwt

JTI - Static variable in class org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimNames

jti - the JTI identifier

JTI - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames

jti - The identifier for the token

JTI - Static variable in class org.springframework.security.oauth2.jwt.JwtClaimNames

jti - The JWT ID claim provides a unique identifier for the JWT

JwaAlgorithm - Interface in org.springframework.security.oauth2.jose

Super interface for cryptographic algorithms defined by the JSON Web Algorithms (JWA) specification and used by JSON Web Signature (JWS) to digitally sign or create a MAC of the contents and JSON Web Encryption (JWE) to encrypt the contents.

jwk(Map<String, Object>) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder

Sets the JSON Web Key which is the public key that corresponds to the key used to digitally sign the JWS or encrypt the JWE.

JWK - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames

jwk - the JSON Web Key header is the public key that corresponds to the key used to digitally sign a JWS or encrypt a JWE

jwkSetUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer

jwkSetUri(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec

Configures a ReactiveJwtDecoder using JSON Web Key (JWK) URL

jwkSetUri(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder

Sets the uri for the JSON Web Key (JWK) Set endpoint.

jwkSetUrl(String) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder

Sets the JWK Set URL that refers to the resource of a set of JSON-encoded public keys, one of which corresponds to the key used to digitally sign the JWS or encrypt the JWE.

jwsAlgorithm(JwsAlgorithm) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.JwkSourceReactiveJwtDecoderBuilder

Use the given signing algorithm.

jwsAlgorithm(SignatureAlgorithm) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder

Append the given signing algorithm to the set of algorithms to use.

jwsAlgorithm(SignatureAlgorithm) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder

Append the given signing algorithm to the set of algorithms to use.

JwsAlgorithm - Interface in org.springframework.security.oauth2.jose.jws

Super interface for cryptographic algorithms defined by the JSON Web Algorithms (JWA) specification and used by JSON Web Signature (JWS) to digitally sign or create a MAC of the contents of the JWS Protected Header and JWS Payload.

jwsAlgorithms(Consumer<Set<SignatureAlgorithm>>) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder

Configure the list of algorithms to use with the given Consumer.

jwsAlgorithms(Consumer<Set<SignatureAlgorithm>>) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder

Configure the list of algorithms to use with the given Consumer.

JwsAlgorithms - Class in org.springframework.security.oauth2.jose.jws

The cryptographic algorithms defined by the JSON Web Algorithms (JWA) specification and used by JSON Web Signature (JWS) to digitally sign or create a MAC of the contents of the JWS Protected Header and JWS Payload.

JwsHeader - Class in org.springframework.security.oauth2.jwt

The JSON Web Signature (JWS) header is a JSON object representing the header parameters of a JSON Web Token, that describe the cryptographic operations used to digitally sign or create a MAC of the contents of the JWS Protected Header and JWS Payload.

JwsHeader.Builder - Class in org.springframework.security.oauth2.jwt

A builder for JwsHeader.

jwt() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use OAuth2ResourceServerConfigurer.jwt(Customizer) or jwt(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

jwt() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.OAuth2ResourceServerSpec.jwt(Customizer) or jwt(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

jwt() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors

Establish a SecurityContext that has a JwtAuthenticationToken for the Authentication and a Jwt for the Authentication.getPrincipal().

jwt(Consumer<Jwt.Builder>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator

Use the given Jwt.Builder Consumer to configure the underlying Jwt This method first creates a default Jwt.Builder instance with default values for the alg, sub, and scope claims.

jwt(Consumer<Jwt.Builder>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor

Use the given Jwt.Builder Consumer to configure the underlying Jwt This method first creates a default Jwt.Builder instance with default values for the alg, sub, and scope claims.

jwt(Customizer<RSocketSecurity.JwtSpec>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity

jwt(Customizer<OAuth2ResourceServerConfigurer.JwtConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer

Enables Jwt-encoded bearer token support.

jwt(Customizer<ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec

Enables JWT Resource Server support.

jwt(Jwt) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator

Use the given Jwt

jwt(Jwt) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor

Use the given Jwt

Jwt - Class in org.springframework.security.oauth2.jwt

An implementation of an AbstractOAuth2Token representing a JSON Web Token (JWT).

Jwt(String, Instant, Instant, Map<String, Object>, Map<String, Object>) - Constructor for class org.springframework.security.oauth2.jwt.Jwt

Constructs a Jwt using the provided parameters.

JWT - Static variable in class org.springframework.security.config.Elements

JWT_AUTHENTICATION - Enum constant in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder

Where JWT based authentication is performed.

JWT_BEARER - Static variable in class org.springframework.security.oauth2.core.AuthorizationGrantType

Jwt.Builder - Class in org.springframework.security.oauth2.jwt

Helps configure a Jwt

jwtAuthenticationConverter(Converter<Jwt, ? extends AbstractAuthenticationToken>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer

jwtAuthenticationConverter(Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec

Configures the Converter to use for converting a Jwt into an AbstractAuthenticationToken.

JwtAuthenticationConverter - Class in org.springframework.security.oauth2.server.resource.authentication

JwtAuthenticationConverter() - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter

JwtAuthenticationProvider - Class in org.springframework.security.oauth2.server.resource.authentication

An AuthenticationProvider implementation of the Jwt-encoded Bearer Tokens for protecting OAuth 2.0 Resource Servers.

JwtAuthenticationProvider(JwtDecoder) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider

JwtAuthenticationToken - Class in org.springframework.security.oauth2.server.resource.authentication

An implementation of an AbstractOAuth2TokenAuthenticationToken representing a Jwt Authentication.

JwtAuthenticationToken(Jwt) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken

Constructs a JwtAuthenticationToken using the provided parameters.

JwtAuthenticationToken(Jwt, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken

Constructs a JwtAuthenticationToken using the provided parameters.

JwtAuthenticationToken(Jwt, Collection<? extends GrantedAuthority>, String) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken

Constructs a JwtAuthenticationToken using the provided parameters.

JwtBearerGrantRequest - Class in org.springframework.security.oauth2.client.endpoint

A JWT Bearer Grant request that holds a Jwt assertion.

JwtBearerGrantRequest(ClientRegistration, Jwt) - Constructor for class org.springframework.security.oauth2.client.endpoint.JwtBearerGrantRequest

Constructs a JwtBearerGrantRequest using the provided parameters.

JwtBearerGrantRequestEntityConverter - Class in org.springframework.security.oauth2.client.endpoint

Deprecated.

Use DefaultOAuth2TokenRequestParametersConverter instead

JwtBearerGrantRequestEntityConverter() - Constructor for class org.springframework.security.oauth2.client.endpoint.JwtBearerGrantRequestEntityConverter

Deprecated.

JwtBearerOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client

An implementation of an OAuth2AuthorizedClientProvider for the jwt-bearer grant.

JwtBearerOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.JwtBearerOAuth2AuthorizedClientProvider

JwtBearerReactiveOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client

An implementation of an ReactiveOAuth2AuthorizedClientProvider for the jwt-bearer grant.

JwtBearerReactiveOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.JwtBearerReactiveOAuth2AuthorizedClientProvider

JwtBearerTokenAuthenticationConverter - Class in org.springframework.security.oauth2.server.resource.authentication

A Converter that takes a Jwt and converts it into a BearerTokenAuthentication.

JwtBearerTokenAuthenticationConverter() - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtBearerTokenAuthenticationConverter

JwtClaimAccessor - Interface in org.springframework.security.oauth2.jwt

A ClaimAccessor for the "claims" that may be contained in the JSON object JWT Claims Set of a JSON Web Token (JWT).

JwtClaimNames - Class in org.springframework.security.oauth2.jwt

The Registered Claim Names defined by the JSON Web Token (JWT) specification that may be contained in the JSON object JWT Claims Set.

JwtClaimsSet - Class in org.springframework.security.oauth2.jwt

The JWT Claims Set is a JSON object representing the claims conveyed by a JSON Web Token.

JwtClaimsSet.Builder - Class in org.springframework.security.oauth2.jwt

A builder for JwtClaimsSet.

JwtClaimValidator<T> - Class in org.springframework.security.oauth2.jwt

Validates a claim in a Jwt against a provided Predicate

JwtClaimValidator(String, Predicate<T>) - Constructor for class org.springframework.security.oauth2.jwt.JwtClaimValidator

Constructs a JwtClaimValidator using the provided parameters

jwtDecoder(ReactiveJwtDecoder) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec

Configures the ReactiveJwtDecoder to use

JwtDecoder - Interface in org.springframework.security.oauth2.jwt

Implementations of this interface are responsible for "decoding" a JSON Web Token (JWT) from its compact claims representation format to a Jwt.

JwtDecoderFactory<C> - Interface in org.springframework.security.oauth2.jwt

A factory for JwtDecoder(s).

JwtDecoderInitializationException - Exception in org.springframework.security.oauth2.jwt

An exception thrown when a JwtDecoder or ReactiveJwtDecoder's lazy initialization fails.

JwtDecoderInitializationException(String, Throwable) - Constructor for exception org.springframework.security.oauth2.jwt.JwtDecoderInitializationException

JwtDecoders - Class in org.springframework.security.oauth2.jwt

Allows creating a JwtDecoder from an OpenID Provider Configuration or Authorization Server Metadata Request based on provided issuer and method invoked.

JwtEncoder - Interface in org.springframework.security.oauth2.jwt

Implementations of this interface are responsible for encoding a JSON Web Token (JWT) to it's compact claims representation format.

JwtEncoderParameters - Class in org.springframework.security.oauth2.jwt

A holder of parameters containing the JWS headers and JWT Claims Set.

JwtEncodingException - Exception in org.springframework.security.oauth2.jwt

This exception is thrown when an error occurs while attempting to encode a JSON Web Token (JWT).

JwtEncodingException(String) - Constructor for exception org.springframework.security.oauth2.jwt.JwtEncodingException

Constructs a JwtEncodingException using the provided parameters.

JwtEncodingException(String, Throwable) - Constructor for exception org.springframework.security.oauth2.jwt.JwtEncodingException

Constructs a JwtEncodingException using the provided parameters.

JwtException - Exception in org.springframework.security.oauth2.jwt

Base exception for all JSON Web Token (JWT) related errors.

JwtException(String) - Constructor for exception org.springframework.security.oauth2.jwt.JwtException

Constructs a JwtException using the provided parameters.

JwtException(String, Throwable) - Constructor for exception org.springframework.security.oauth2.jwt.JwtException

Constructs a JwtException using the provided parameters.

JwtGrantedAuthoritiesConverter - Class in org.springframework.security.oauth2.server.resource.authentication

Extracts the GrantedAuthoritys from scope attributes typically found in a Jwt.

JwtGrantedAuthoritiesConverter() - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter

JwtIssuerAuthenticationManagerResolver - Class in org.springframework.security.oauth2.server.resource.authentication

An implementation of AuthenticationManagerResolver that resolves a JWT-based AuthenticationManager based on the Issuer in a signed JWT (JWS).

JwtIssuerAuthenticationManagerResolver(String...) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver

Deprecated, for removal: This API element is subject to removal in a future version.

use JwtIssuerAuthenticationManagerResolver.fromTrustedIssuers(String...)

JwtIssuerAuthenticationManagerResolver(Collection<String>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver

Deprecated, for removal: This API element is subject to removal in a future version.

use JwtIssuerAuthenticationManagerResolver.fromTrustedIssuers(Collection)

JwtIssuerAuthenticationManagerResolver(AuthenticationManagerResolver<String>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver

Construct a JwtIssuerAuthenticationManagerResolver using the provided parameters Note that the AuthenticationManagerResolver provided in this constructor will need to verify that the issuer is trusted.

JwtIssuerReactiveAuthenticationManagerResolver - Class in org.springframework.security.oauth2.server.resource.authentication

An implementation of ReactiveAuthenticationManagerResolver that resolves a JWT-based ReactiveAuthenticationManager based on the Issuer in a signed JWT (JWS).

JwtIssuerReactiveAuthenticationManagerResolver(String...) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerReactiveAuthenticationManagerResolver

Deprecated, for removal: This API element is subject to removal in a future version.

use JwtIssuerReactiveAuthenticationManagerResolver.fromTrustedIssuers(String...)

JwtIssuerReactiveAuthenticationManagerResolver(Collection<String>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerReactiveAuthenticationManagerResolver

Deprecated, for removal: This API element is subject to removal in a future version.

use JwtIssuerReactiveAuthenticationManagerResolver.fromTrustedIssuers(Collection)

JwtIssuerReactiveAuthenticationManagerResolver(ReactiveAuthenticationManagerResolver<String>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerReactiveAuthenticationManagerResolver

Construct a JwtIssuerReactiveAuthenticationManagerResolver using the provided parameters Note that the ReactiveAuthenticationManagerResolver provided in this constructor will need to verify that the issuer is trusted.

JwtIssuerValidator - Class in org.springframework.security.oauth2.jwt

Validates the "iss" claim in a Jwt, that is matches a configured value

JwtIssuerValidator(String) - Constructor for class org.springframework.security.oauth2.jwt.JwtIssuerValidator

Constructs a JwtIssuerValidator using the provided parameters

jwtProcessorCustomizer(Consumer<ConfigurableJWTProcessor<JWKSecurityContext>>) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder

Use the given Consumer to customize the ConfigurableJWTProcessor before passing it to the build NimbusReactiveJwtDecoder.

jwtProcessorCustomizer(Consumer<ConfigurableJWTProcessor<JWKSecurityContext>>) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.JwkSourceReactiveJwtDecoderBuilder

Use the given Consumer to customize the ConfigurableJWTProcessor before passing it to the build NimbusReactiveJwtDecoder.

jwtProcessorCustomizer(Consumer<ConfigurableJWTProcessor<SecurityContext>>) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder

Use the given Consumer to customize the ConfigurableJWTProcessor before passing it to the build NimbusJwtDecoder.

jwtProcessorCustomizer(Consumer<ConfigurableJWTProcessor<SecurityContext>>) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.PublicKeyJwtDecoderBuilder

Use the given Consumer to customize the ConfigurableJWTProcessor before passing it to the build NimbusJwtDecoder.

jwtProcessorCustomizer(Consumer<ConfigurableJWTProcessor<SecurityContext>>) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.SecretKeyJwtDecoderBuilder

Use the given Consumer to customize the ConfigurableJWTProcessor before passing it to the build NimbusJwtDecoder.

jwtProcessorCustomizer(Consumer<ConfigurableJWTProcessor<SecurityContext>>) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder

Use the given Consumer to customize the ConfigurableJWTProcessor before passing it to the build NimbusReactiveJwtDecoder.

jwtProcessorCustomizer(Consumer<ConfigurableJWTProcessor<SecurityContext>>) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder

Use the given Consumer to customize the ConfigurableJWTProcessor before passing it to the build NimbusReactiveJwtDecoder.

JwtReactiveAuthenticationManager - Class in org.springframework.security.oauth2.server.resource.authentication

A ReactiveAuthenticationManager for Jwt tokens.

JwtReactiveAuthenticationManager(ReactiveJwtDecoder) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtReactiveAuthenticationManager

JwtSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec

JwtTimestampValidator - Class in org.springframework.security.oauth2.jwt

An implementation of OAuth2TokenValidator for verifying claims in a Jwt-based access token

JwtTimestampValidator() - Constructor for class org.springframework.security.oauth2.jwt.JwtTimestampValidator

A basic instance with no custom verification and the default max clock skew

JwtTimestampValidator(Duration) - Constructor for class org.springframework.security.oauth2.jwt.JwtTimestampValidator

JwtValidationException - Exception in org.springframework.security.oauth2.jwt

An exception that results from an unsuccessful OAuth2TokenValidatorResult

JwtValidationException(String, Collection<OAuth2Error>) - Constructor for exception org.springframework.security.oauth2.jwt.JwtValidationException

Constructs a JwtValidationException using the provided parameters While each OAuth2Error does contain an error description, this constructor can take an overarching description that encapsulates the composition of failures That said, it is appropriate to pass one of the messages from the error list in as the exception description, for example:

JwtValidators - Class in org.springframework.security.oauth2.jwt

Provides factory methods for creating OAuth2TokenValidator<Jwt>

K

key(String) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer

Sets the key to identify tokens created for anonymous authentication.

key(String) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer

Sets the key to identify tokens created for remember me authentication.

key(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec

Sets the key to identify tokens created for anonymous authentication.

KeyBasedPersistenceTokenService - Class in org.springframework.security.core.token

Basic implementation of TokenService that is compatible with clusters and across machine restarts, without requiring database persistence.

KeyBasedPersistenceTokenService() - Constructor for class org.springframework.security.core.token.KeyBasedPersistenceTokenService

KeyGenerators - Class in org.springframework.security.crypto.keygen

Factory for commonly used key generators.

keyId(String) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder

Sets the key ID that is a hint indicating which key was used to secure the JWS or JWE.

KeyStoreKeyFactory - Class in org.springframework.security.crypto.encrypt

KeyStoreKeyFactory(Resource, char[]) - Constructor for class org.springframework.security.crypto.encrypt.KeyStoreKeyFactory

KeyStoreKeyFactory(Resource, char[], String) - Constructor for class org.springframework.security.crypto.encrypt.KeyStoreKeyFactory

KID - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames

kid - the key ID header is a hint indicating which key was used to secure a JWS or JWE

L

label(String) - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord.ImmutableCredentialRecordBuilder

LAST - Enum constant in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder

LAST - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder

lastUsed(Instant) - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord.ImmutableCredentialRecordBuilder

LazyCsrfTokenRepository - Class in org.springframework.security.web.csrf

Deprecated.

Use CsrfTokenRepository.loadDeferredToken(HttpServletRequest, HttpServletResponse) which returns a DeferredCsrfToken

LazyCsrfTokenRepository(CsrfTokenRepository) - Constructor for class org.springframework.security.web.csrf.LazyCsrfTokenRepository

Deprecated.

Creates a new instance

LDAP_AUTHORITIES_POPULATOR_CLASS - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

LDAP_PASSWORD_COMPARE - Static variable in class org.springframework.security.config.Elements

LDAP_PROVIDER - Static variable in class org.springframework.security.config.Elements

LDAP_SEARCH_CLASS - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

LDAP_SERVER - Static variable in class org.springframework.security.config.Elements

LDAP_USER_MAPPER_CLASS - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

LDAP_USER_SERVICE - Static variable in class org.springframework.security.config.Elements

ldapAuthentication() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder

Add LDAP authentication to the AuthenticationManagerBuilder and return a LdapAuthenticationProviderConfigurer to allow customization of the LDAP authentication.

LdapAuthenticationProvider - Class in org.springframework.security.ldap.authentication

An AuthenticationProvider implementation that authenticates against an LDAP server.

LdapAuthenticationProvider(LdapAuthenticator) - Constructor for class org.springframework.security.ldap.authentication.LdapAuthenticationProvider

Creates an instance with the supplied authenticator and a null authorities populator.

LdapAuthenticationProvider(LdapAuthenticator, LdapAuthoritiesPopulator) - Constructor for class org.springframework.security.ldap.authentication.LdapAuthenticationProvider

Create an instance with the supplied authenticator and authorities populator implementations.

LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuilder<B>> - Class in org.springframework.security.config.annotation.authentication.configurers.ldap

Configures LDAP AuthenticationProvider in the ProviderManagerBuilder.

LdapAuthenticationProviderConfigurer() - Constructor for class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

LdapAuthenticationProviderConfigurer.ContextSourceBuilder - Class in org.springframework.security.config.annotation.authentication.configurers.ldap

Allows building a BaseLdapPathContextSource and optionally creating an embedded LDAP instance.

LdapAuthenticationProviderConfigurer.PasswordCompareConfigurer - Class in org.springframework.security.config.annotation.authentication.configurers.ldap

Sets up Password based comparison

LdapAuthenticator - Interface in org.springframework.security.ldap.authentication

The strategy interface for locating and authenticating an Ldap user.

ldapAuthoritiesPopulator(LdapAuthoritiesPopulator) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

Specifies the LdapAuthoritiesPopulator.

LdapAuthoritiesPopulator - Interface in org.springframework.security.ldap.userdetails

Obtains a list of granted authorities for an Ldap user.

LdapAuthority - Class in org.springframework.security.ldap.userdetails

An authority that contains at least a DN and a role name for an LDAP entry but can also contain other desired attributes to be fetched during an LDAP authority search.

LdapAuthority(String, String) - Constructor for class org.springframework.security.ldap.userdetails.LdapAuthority

Constructs an LdapAuthority that has a role and a DN but no other attributes

LdapAuthority(String, String, Map<String, List<String>>) - Constructor for class org.springframework.security.ldap.userdetails.LdapAuthority

Constructs an LdapAuthority with the given role, DN and other LDAP attributes

LdapBindAuthenticationManagerFactory - Class in org.springframework.security.config.ldap

Creates an AuthenticationManager that can perform LDAP authentication using bind authentication.

LdapBindAuthenticationManagerFactory(BaseLdapPathContextSource) - Constructor for class org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory

LdapJackson2Module - Class in org.springframework.security.ldap.jackson2

Jackson module for spring-security-ldap.

LdapJackson2Module() - Constructor for class org.springframework.security.ldap.jackson2.LdapJackson2Module

LdapPasswordComparisonAuthenticationManagerFactory - Class in org.springframework.security.config.ldap

Creates an AuthenticationManager that can perform LDAP authentication using password comparison.

LdapPasswordComparisonAuthenticationManagerFactory(BaseLdapPathContextSource, PasswordEncoder) - Constructor for class org.springframework.security.config.ldap.LdapPasswordComparisonAuthenticationManagerFactory

LdapProviderBeanDefinitionParser - Class in org.springframework.security.config.ldap

Ldap authentication provider namespace configuration.

LdapProviderBeanDefinitionParser() - Constructor for class org.springframework.security.config.ldap.LdapProviderBeanDefinitionParser

LdapServerBeanDefinitionParser - Class in org.springframework.security.config.ldap

LdapServerBeanDefinitionParser() - Constructor for class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser

LdapShaPasswordEncoder - Class in org.springframework.security.crypto.password

Deprecated.

Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better use DelegatingPasswordEncoder which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.

LdapShaPasswordEncoder() - Constructor for class org.springframework.security.crypto.password.LdapShaPasswordEncoder

Deprecated.

LdapShaPasswordEncoder(BytesKeyGenerator) - Constructor for class org.springframework.security.crypto.password.LdapShaPasswordEncoder

Deprecated.

LdapUserDetails - Interface in org.springframework.security.ldap.userdetails

Captures the information for a user's LDAP entry.

LdapUserDetailsImpl - Class in org.springframework.security.ldap.userdetails

A UserDetails implementation which is used internally by the Ldap services.

LdapUserDetailsImpl() - Constructor for class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl

LdapUserDetailsImpl.Essence - Class in org.springframework.security.ldap.userdetails

Variation of essence pattern.

LdapUserDetailsManager - Class in org.springframework.security.ldap.userdetails

An Ldap implementation of UserDetailsManager.

LdapUserDetailsManager(ContextSource) - Constructor for class org.springframework.security.ldap.userdetails.LdapUserDetailsManager

LdapUserDetailsMapper - Class in org.springframework.security.ldap.userdetails

The context mapper used by the LDAP authentication provider to create an LDAP user object.

LdapUserDetailsMapper() - Constructor for class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper

LdapUserDetailsService - Class in org.springframework.security.ldap.userdetails

LDAP implementation of UserDetailsService based around an LdapUserSearch and an LdapAuthoritiesPopulator.

LdapUserDetailsService(LdapUserSearch) - Constructor for class org.springframework.security.ldap.userdetails.LdapUserDetailsService

LdapUserDetailsService(LdapUserSearch, LdapAuthoritiesPopulator) - Constructor for class org.springframework.security.ldap.userdetails.LdapUserDetailsService

LdapUsernameToDnMapper - Interface in org.springframework.security.ldap

Constructs an Ldap Distinguished Name from a username.

LdapUserSearch - Interface in org.springframework.security.ldap.search

Obtains a user's information from the LDAP directory given a login name.

LdapUserServiceBeanDefinitionParser - Class in org.springframework.security.config.ldap

LdapUserServiceBeanDefinitionParser() - Constructor for class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

LdapUtils - Class in org.springframework.security.ldap

LDAP Utility methods.

ldif(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder

Specifies an ldif to load at startup for an embedded LDAP server.

ListeningSecurityContextHolderStrategy - Class in org.springframework.security.core.context

An API for notifying when the SecurityContext changes.

ListeningSecurityContextHolderStrategy(Collection<SecurityContextChangedListener>) - Constructor for class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy

Construct a ListeningSecurityContextHolderStrategy based on ThreadLocalSecurityContextHolderStrategy

ListeningSecurityContextHolderStrategy(SecurityContextChangedListener...) - Constructor for class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy

Construct a ListeningSecurityContextHolderStrategy based on ThreadLocalSecurityContextHolderStrategy

ListeningSecurityContextHolderStrategy(SecurityContextHolderStrategy, Collection<SecurityContextChangedListener>) - Constructor for class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy

Construct a ListeningSecurityContextHolderStrategy

ListeningSecurityContextHolderStrategy(SecurityContextHolderStrategy, SecurityContextChangedListener...) - Constructor for class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy

Construct a ListeningSecurityContextHolderStrategy

load(HttpServletRequest) - Method in class org.springframework.security.web.webauthn.authentication.HttpSessionPublicKeyCredentialRequestOptionsRepository

load(HttpServletRequest) - Method in interface org.springframework.security.web.webauthn.authentication.PublicKeyCredentialRequestOptionsRepository

Gets a saved PublicKeyCredentialRequestOptions if it exists, otherwise null.

load(HttpServletRequest) - Method in class org.springframework.security.web.webauthn.registration.HttpSessionPublicKeyCredentialCreationOptionsRepository

load(HttpServletRequest) - Method in interface org.springframework.security.web.webauthn.registration.PublicKeyCredentialCreationOptionsRepository

Gets a saved PublicKeyCredentialCreationOptions if it exists, otherwise null.

load(MvcResult) - Method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.AuthenticatedMatcher

load(ServerWebExchange) - Method in class org.springframework.security.web.server.context.NoOpServerSecurityContextRepository

load(ServerWebExchange) - Method in interface org.springframework.security.web.server.context.ServerSecurityContextRepository

Loads the SecurityContext associated with the ServerWebExchange

load(ServerWebExchange) - Method in class org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository

loadAuthenticationRequest(HttpServletRequest) - Method in class org.springframework.security.saml2.provider.service.web.HttpSessionSaml2AuthenticationRequestRepository

loadAuthenticationRequest(HttpServletRequest) - Method in interface org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestRepository

Loads the AbstractSaml2AuthenticationRequest from the request

loadAuthorizationRequest(HttpServletRequest) - Method in interface org.springframework.security.oauth2.client.web.AuthorizationRequestRepository

Returns the OAuth2AuthorizationRequest associated to the provided HttpServletRequest or null if not available.

loadAuthorizationRequest(HttpServletRequest) - Method in class org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository

loadAuthorizationRequest(ServerWebExchange) - Method in interface org.springframework.security.oauth2.client.web.server.ServerAuthorizationRequestRepository

Returns the OAuth2AuthorizationRequest associated to the provided HttpServletRequest or null if not available.

loadAuthorizationRequest(ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.WebSessionOAuth2ServerAuthorizationRequestRepository

loadAuthorizedClient(String, String) - Method in class org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService

loadAuthorizedClient(String, String) - Method in class org.springframework.security.oauth2.client.InMemoryReactiveOAuth2AuthorizedClientService

loadAuthorizedClient(String, String) - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService

loadAuthorizedClient(String, String) - Method in interface org.springframework.security.oauth2.client.OAuth2AuthorizedClientService

Returns the OAuth2AuthorizedClient associated to the provided client registration identifier and End-User's Principal name or null if not available.

loadAuthorizedClient(String, String) - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService

loadAuthorizedClient(String, String) - Method in interface org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService

Returns the OAuth2AuthorizedClient associated to the provided client registration identifier and End-User's Principal name or null if not available.

loadAuthorizedClient(String, Authentication, HttpServletRequest) - Method in class org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository

loadAuthorizedClient(String, Authentication, HttpServletRequest) - Method in class org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizedClientRepository

loadAuthorizedClient(String, Authentication, HttpServletRequest) - Method in interface org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository

Returns the OAuth2AuthorizedClient associated to the provided client registration identifier and End-User Authentication (Resource Owner) or null if not available.

loadAuthorizedClient(String, Authentication, ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository

loadAuthorizedClient(String, Authentication, ServerWebExchange) - Method in interface org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository

Returns the OAuth2AuthorizedClient associated to the provided client registration identifier and End-User Authentication (Resource Owner) or null if not available.

loadAuthorizedClient(String, Authentication, ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.WebSessionServerOAuth2AuthorizedClientRepository

loadContext(HttpRequestResponseHolder) - Method in class org.springframework.security.web.context.DelegatingSecurityContextRepository

loadContext(HttpRequestResponseHolder) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository

Gets the security context for the current request (if available) and returns it.

loadContext(HttpRequestResponseHolder) - Method in class org.springframework.security.web.context.NullSecurityContextRepository

loadContext(HttpRequestResponseHolder) - Method in class org.springframework.security.web.context.RequestAttributeSecurityContextRepository

loadContext(HttpRequestResponseHolder) - Method in interface org.springframework.security.web.context.SecurityContextRepository

Deprecated.

Use SecurityContextRepository.loadDeferredContext(HttpServletRequest) instead.

loadDeferredContext(HttpServletRequest) - Method in class org.springframework.security.web.context.DelegatingSecurityContextRepository

loadDeferredContext(HttpServletRequest) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository

loadDeferredContext(HttpServletRequest) - Method in class org.springframework.security.web.context.RequestAttributeSecurityContextRepository

loadDeferredContext(HttpServletRequest) - Method in interface org.springframework.security.web.context.SecurityContextRepository

Defers loading the SecurityContext using the HttpServletRequest until it is needed by the application.

loadDeferredToken(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.csrf.CsrfTokenRepository

Defers loading the CsrfToken using the HttpServletRequest and HttpServletResponse until it is needed by the application.

loadGroupAuthorities(String) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl

Loads authorities by executing the SQL from groupAuthoritiesByUsernameQuery.

loadLogoutRequest(HttpServletRequest) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.HttpSessionLogoutRequestRepository

Returns the Saml2LogoutRequest associated to the provided HttpServletRequest or null if not available.

loadLogoutRequest(HttpServletRequest) - Method in interface org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestRepository

Returns the Saml2LogoutRequest associated to the provided HttpServletRequest or null if not available.

loadToken(HttpServletRequest) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository

loadToken(HttpServletRequest) - Method in interface org.springframework.security.web.csrf.CsrfTokenRepository

Loads the expected CsrfToken from the HttpServletRequest

loadToken(HttpServletRequest) - Method in class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository

loadToken(HttpServletRequest) - Method in class org.springframework.security.web.csrf.LazyCsrfTokenRepository

Deprecated.

Delegates to the injected CsrfTokenRepository

loadToken(ServerWebExchange) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository

loadToken(ServerWebExchange) - Method in interface org.springframework.security.web.server.csrf.ServerCsrfTokenRepository

Loads the expected CsrfToken from the ServerWebExchange

loadToken(ServerWebExchange) - Method in class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository

loadUser(OidcUserRequest) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcReactiveOAuth2UserService

loadUser(OidcUserRequest) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService

loadUser(OAuth2UserRequest) - Method in class org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService

loadUser(OAuth2UserRequest) - Method in class org.springframework.security.oauth2.client.userinfo.DefaultReactiveOAuth2UserService

loadUser(R) - Method in class org.springframework.security.oauth2.client.userinfo.DelegatingOAuth2UserService

loadUser(R) - Method in interface org.springframework.security.oauth2.client.userinfo.OAuth2UserService

Returns an OAuth2User after obtaining the user attributes of the End-User from the UserInfo Endpoint.

loadUser(R) - Method in interface org.springframework.security.oauth2.client.userinfo.ReactiveOAuth2UserService

Returns an OAuth2User after obtaining the user attributes of the End-User from the UserInfo Endpoint.

loadUserAuthorities(String) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl

Loads authorities by executing the SQL from authoritiesByUsernameQuery.

loadUserAuthorities(DirContextOperations, String, String) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider

loadUserAuthorities(DirContextOperations, String, String) - Method in class org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider

Creates the user authority list from the values of the memberOf attribute obtained from the user's Active Directory entry.

loadUserAuthorities(DirContextOperations, String, String) - Method in class org.springframework.security.ldap.authentication.LdapAuthenticationProvider

loadUserByAssertion(Assertion) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider

Template method for retrieving the UserDetails based on the assertion.

loadUserByUsername(String) - Method in class org.springframework.security.authentication.CachingUserDetailsService

loadUserByUsername(String) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl

loadUserByUsername(String) - Method in interface org.springframework.security.core.userdetails.UserDetailsService

Locates the user based on the username.

loadUserByUsername(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager

loadUserByUsername(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsService

loadUserByUsername(String) - Method in class org.springframework.security.provisioning.InMemoryUserDetailsManager

loadUserDetails(Assertion) - Method in class org.springframework.security.cas.userdetails.AbstractCasAssertionUserDetailsService

Protected template method for construct a UserDetails via the supplied CAS assertion.

loadUserDetails(Assertion) - Method in class org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService

loadUserDetails(CasAssertionAuthenticationToken) - Method in class org.springframework.security.cas.userdetails.AbstractCasAssertionUserDetailsService

loadUserDetails(PreAuthenticatedAuthenticationToken) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService

Get a UserDetails object based on the user name contained in the given token, and the GrantedAuthorities as returned by the GrantedAuthoritiesContainer implementation as returned by the token.getDetails() method.

loadUserDetails(T) - Method in interface org.springframework.security.core.userdetails.AuthenticationUserDetailsService

loadUserDetails(T) - Method in class org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper

Get the UserDetails object from the wrapped UserDetailsService implementation

loadUsersByUsername(String) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl

Executes the SQL usersByUsernameQuery and returns a list of UserDetails objects.

loadUsersByUsername(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

Executes the SQL usersByUsernameQuery and returns a list of UserDetails objects.

lobHandler - Variable in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService

lobHandler - Variable in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper

locale(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder

Use this locale in the resulting OidcUserInfo

LOCALE - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames

locale - the user's locale

locality(String) - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder

Sets the city or locality.

location(String) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.Builder

Use this location for the SAML 2.0 logout endpoint By default, the asserting party's endpoint is used

location(String) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse.Builder

Use this location for the SAML 2.0 logout endpoint By default, the asserting party's endpoint is used

LockedException - Exception in org.springframework.security.authentication

Thrown if an authentication request is rejected because the account is locked.

LockedException(String) - Constructor for exception org.springframework.security.authentication.LockedException

Constructs a LockedException with the specified message.

LockedException(String, Throwable) - Constructor for exception org.springframework.security.authentication.LockedException

Constructs a LockedException with the specified message and root cause.

log - Static variable in class org.springframework.security.acls.jdbc.JdbcAclService

log - Variable in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider

log - Static variable in class org.springframework.security.authentication.jaas.JaasAuthenticationProvider

log - Variable in class org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy

Deprecated.

Logger for use by subclasses

logger - Variable in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler

logger - Variable in class org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice

Deprecated.

logger - Variable in class org.springframework.security.access.intercept.AbstractSecurityInterceptor

Deprecated.

logger - Static variable in class org.springframework.security.access.intercept.AfterInvocationProviderManager

Deprecated.

logger - Static variable in class org.springframework.security.access.intercept.MethodInvocationPrivilegeEvaluator

Deprecated.

logger - Variable in class org.springframework.security.access.method.AbstractMethodSecurityMetadataSource

Deprecated.

logger - Variable in class org.springframework.security.access.prepost.PostInvocationAdviceProvider

Deprecated.

logger - Variable in class org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter

Deprecated.

logger - Variable in class org.springframework.security.access.vote.AbstractAccessDecisionManager

Deprecated.

logger - Static variable in class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationCollectionFilteringProvider

logger - Static variable in class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationProvider

logger - Variable in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager

logger - Variable in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

logger - Variable in class org.springframework.security.config.http.FormLoginBeanDefinitionParser

logger - Variable in class org.springframework.security.core.session.SessionRegistryImpl

logger - Variable in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider

logger - Variable in class org.springframework.security.ldap.DefaultSpringSecurityContextSource

logger - Variable in class org.springframework.security.messaging.util.matcher.AbstractMessageMatcherComposite

logger - Variable in class org.springframework.security.provisioning.InMemoryUserDetailsManager

logger - Variable in class org.springframework.security.provisioning.JdbcUserDetailsManager

logger - Static variable in class org.springframework.security.taglibs.authz.AccessControlListTag

logger - Static variable in class org.springframework.security.web.access.AccessDeniedHandlerImpl

logger - Variable in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint

logger - Static variable in class org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator

Deprecated.

logger - Variable in class org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource

logger - Variable in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler

logger - Variable in class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler

logger - Variable in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource

logger - Variable in class org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever

logger - Variable in class org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor

logger - Variable in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

logger - Variable in class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler

logger - Variable in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy

logger - Variable in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler

logger - Variable in class org.springframework.security.web.context.HttpSessionSecurityContextRepository

logger - Variable in class org.springframework.security.web.DefaultRedirectStrategy

logger - Variable in class org.springframework.security.web.savedrequest.CookieRequestCache

logger - Static variable in class org.springframework.security.web.savedrequest.DefaultSavedRequest

logger - Variable in class org.springframework.security.web.savedrequest.HttpSessionRequestCache

logger - Variable in class org.springframework.security.web.server.authentication.ServerX509AuthenticationConverter

LOGGER - Variable in class org.springframework.security.messaging.util.matcher.AbstractMessageMatcherComposite

Deprecated.

since 5.4 in favor of AbstractMessageMatcherComposite.logger

LoggerListener - Class in org.springframework.security.access.event

Deprecated.

Logging is now embedded in Spring Security components. If you need further logging, please consider using your own ApplicationListener

LoggerListener - Class in org.springframework.security.authentication.event

Outputs authentication-related application events to Commons Logging.

LoggerListener() - Constructor for class org.springframework.security.access.event.LoggerListener

Deprecated.

LoggerListener() - Constructor for class org.springframework.security.authentication.event.LoggerListener

logIfNeeded(boolean, AccessControlEntry) - Method in interface org.springframework.security.acls.domain.AuditLogger

logIfNeeded(boolean, AccessControlEntry) - Method in class org.springframework.security.acls.domain.ConsoleAuditLogger

login() - Method in class org.springframework.security.authentication.jaas.SecurityContextLoginModule

Authenticate the Subject (phase one) by extracting the Spring Security Authentication from the current SecurityContext.

LOGIN_PAGE_GENERATING - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder

LoginExceptionResolver - Interface in org.springframework.security.authentication.jaas

The JaasAuthenticationProvider takes an instance of LoginExceptionResolver to resolve LoginModule specific exceptions to Spring Security AuthenticationExceptions.

loginFail(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.NullRememberMeServices

loginFail(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

loginFail(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.authentication.RememberMeServices

Called whenever an interactive authentication attempt was made, but the credentials supplied by the user were missing or otherwise invalid.

loginPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Specifies the URL to send users to if login is required.

loginPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer

Specifies the URL to send users to if login is required.

loginPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

loginPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer

loginPage(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec

Configures the log in page to redirect to, the authentication failure page, and when authentication is performed.

loginPage(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec

Specifies the URL to send users to if login is required.

LoginPageGeneratingWebFilter - Class in org.springframework.security.web.server.ui

Generates a default log in page used for authenticating users.

LoginPageGeneratingWebFilter() - Constructor for class org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter

loginProcessingUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Specifies the URL to validate the credentials.

loginProcessingUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

loginProcessingUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer

Specifies the URL to process the login request, defaults to /login/ott.

loginProcessingUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer

Specifies the URL to validate the credentials.

loginProcessingUrl(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec

Specifies the URL to process the login request, defaults to /login/ott.

loginProcessingUrl(String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder

Specifies the URL to POST to.

loginProcessingUrl(String, Object...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder

Specifies the URL to POST to.

loginSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.NullRememberMeServices

loginSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

Called whenever an interactive authentication attempt is successful.

loginSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in interface org.springframework.security.web.authentication.RememberMeServices

Called whenever an interactive authentication attempt is successful.

LoginUrlAuthenticationEntryPoint - Class in org.springframework.security.web.authentication

Used by the ExceptionTranslationFilter to commence a form login authentication via the UsernamePasswordAuthenticationFilter.

LoginUrlAuthenticationEntryPoint(String) - Constructor for class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint

logout() - Method in class org.springframework.security.authentication.jaas.SecurityContextLoginModule

Log out the Subject.

logout() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HttpSecurity.logout(Customizer) or logout(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

logout() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.logout(Customizer) or logout(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

logout() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders

Creates a logout request.

logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcBackChannelLogoutHandler

logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.CompositeLogoutHandler

logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler

logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler

logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in interface org.springframework.security.web.authentication.logout.LogoutHandler

Causes a logout to be completed.

logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.LogoutSuccessEventPublishingLogoutHandler

logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler

Requires the request to be passed in.

logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

Implementation of LogoutHandler.

logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices

logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.csrf.CsrfLogoutHandler

Clears the CsrfToken

logout(String) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders

Creates a logout request (including any necessary CsrfToken) to the specified logoutUrl

logout(Customizer<LogoutConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Provides logout support.

logout(Customizer<ServerHttpSecurity.LogoutSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures log out.

logout(WebFilterExchange, Authentication) - Method in class org.springframework.security.config.web.server.OidcBackChannelServerLogoutHandler

logout(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.logout.DelegatingServerLogoutHandler

logout(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.logout.HeaderWriterServerLogoutHandler

logout(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.logout.SecurityContextServerLogoutHandler

logout(WebFilterExchange, Authentication) - Method in interface org.springframework.security.web.server.authentication.logout.ServerLogoutHandler

Invoked when log out is requested

logout(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.logout.WebSessionServerLogoutHandler

logout(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.csrf.CsrfServerLogoutHandler

Clears the CsrfToken

LOGOUT - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder

LOGOUT - Static variable in class org.springframework.security.config.Elements

LOGOUT_PAGE_GENERATING - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder

LogoutConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Adds logout support.

LogoutConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

Creates a new instance

LogoutFilter - Class in org.springframework.security.web.authentication.logout

Logs a principal out.

LogoutFilter(String, LogoutHandler...) - Constructor for class org.springframework.security.web.authentication.logout.LogoutFilter

LogoutFilter(LogoutSuccessHandler, LogoutHandler...) - Constructor for class org.springframework.security.web.authentication.logout.LogoutFilter

Constructor which takes a LogoutSuccessHandler instance to determine the target destination after logging out.

logoutHandler(LogoutHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer.BackChannelLogoutConfigurer

Configure what and how per-session logout will be performed.

logoutHandler(ServerLogoutHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec

Configures the logout handler.

logoutHandler(ServerLogoutHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec.BackChannelLogoutConfigurer

Configure what and how per-session logout will be performed.

LogoutHandler - Interface in org.springframework.security.web.authentication.logout

Indicates a class that is able to participate in logout handling.

LogoutPageGeneratingWebFilter - Class in org.springframework.security.web.server.ui

Generates a default log out page.

LogoutPageGeneratingWebFilter() - Constructor for class org.springframework.security.web.server.ui.LogoutPageGeneratingWebFilter

logoutRequest() - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use Saml2LogoutConfigurer.logoutRequest(Customizer) or logoutRequest(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

logoutRequest(Customizer<Saml2LogoutConfigurer.LogoutRequestConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer

Configures SAML 2.0 Logout Request components

logoutRequestMatcher(RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

The RequestMatcher that triggers log out to occur.

logoutRequestRepository(Saml2LogoutRequestRepository) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer

Use this Saml2LogoutRequestRepository for storing logout requests

logoutRequestResolver(Saml2LogoutRequestResolver) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer

Use this Saml2LogoutRequestResolver for producing a logout request to send to the asserting party

logoutRequestValidator(Saml2LogoutRequestValidator) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer

Use this LogoutHandler for processing a logout request from the asserting party

logoutResponse() - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use Saml2LogoutConfigurer.logoutResponse(Customizer) or logoutResponse(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

logoutResponse(Customizer<Saml2LogoutConfigurer.LogoutResponseConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer

Configures SAML 2.0 Logout Response components

logoutResponseResolver(Saml2LogoutResponseResolver) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutResponseConfigurer

Use this Saml2LogoutRequestResolver for producing a logout response to send to the asserting party

logoutResponseValidator(Saml2LogoutResponseValidator) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutResponseConfigurer

Use this LogoutHandler for processing a logout response from the asserting party

LogoutSuccessEvent - Class in org.springframework.security.authentication.event

Application event which indicates successful logout

LogoutSuccessEvent(Authentication) - Constructor for class org.springframework.security.authentication.event.LogoutSuccessEvent

LogoutSuccessEventPublishingLogoutHandler - Class in org.springframework.security.web.authentication.logout

A logout handler which publishes LogoutSuccessEvent

LogoutSuccessEventPublishingLogoutHandler() - Constructor for class org.springframework.security.web.authentication.logout.LogoutSuccessEventPublishingLogoutHandler

logoutSuccessHandler(LogoutSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

Sets the LogoutSuccessHandler to use.

logoutSuccessHandler(ServerLogoutSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec

LogoutSuccessHandler - Interface in org.springframework.security.web.authentication.logout

Strategy that is called after a successful logout by the LogoutFilter, to handle redirection or forwarding to the appropriate destination.

logoutSuccessUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

The URL to redirect to after logout has occurred.

LogoutTokenClaimAccessor - Interface in org.springframework.security.oauth2.client.oidc.authentication.logout

A ClaimAccessor for the "claims" that can be returned in OIDC Logout Tokens

LogoutTokenClaimNames - Class in org.springframework.security.oauth2.client.oidc.authentication.logout

The names of the "claims" defined by the OpenID Back-Channel Logout 1.0 specification that can be returned in a Logout Token.

logoutUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer.BackChannelLogoutConfigurer

Use this endpoint when invoking a back-channel logout.

logoutUri(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec.BackChannelLogoutConfigurer

Use this endpoint when invoking a back-channel logout.

logoutUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

The URL that triggers log out to occur (default is "/logout").

logoutUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer

The URL by which the asserting party can send a SAML 2.0 Logout Request

logoutUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutResponseConfigurer

The URL by which the asserting party can send a SAML 2.0 Logout Response

logoutUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer

The URL by which the relying or asserting party can trigger logout.

logoutUrl(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec

Configures what URL a POST to will trigger a log out.

logoutUrl(String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.LogoutRequestBuilder

Specifies the logout URL to POST to.

logoutUrl(String, Object...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.LogoutRequestBuilder

Specifies the logout URL to POST to.

LogoutWebFilter - Class in org.springframework.security.web.server.authentication.logout

If the request matches, logs an authenticated user out by delegating to a ServerLogoutHandler.

LogoutWebFilter() - Constructor for class org.springframework.security.web.server.authentication.logout.LogoutWebFilter

lookupHttpPort(Integer) - Method in interface org.springframework.security.web.PortMapper

Locates the HTTP port associated with the specified HTTPS port.

lookupHttpPort(Integer) - Method in class org.springframework.security.web.PortMapperImpl

lookupHttpsPort(Integer) - Method in interface org.springframework.security.web.PortMapper

Locates the HTTPS port associated with the specified HTTP port.

lookupHttpsPort(Integer) - Method in class org.springframework.security.web.PortMapperImpl

LookupStrategy - Interface in org.springframework.security.acls.jdbc

Performs lookups for AclService.

M

macAlgorithm(MacAlgorithm) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.SecretKeyJwtDecoderBuilder

Use the given algorithm when generating the MAC.

macAlgorithm(MacAlgorithm) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder

Use the given algorithm when generating the MAC.

MacAlgorithm - Enum Class in org.springframework.security.oauth2.jose.jws

An enumeration of the cryptographic algorithms defined by the JSON Web Algorithms (JWA) specification and used by JSON Web Signature (JWS) to create a MAC of the contents of the JWS Protected Header and JWS Payload.

makeTokenSignature(long, String, String) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices

Calculates the digital signature to be put in the cookie.

makeTokenSignature(long, String, String, TokenBasedRememberMeServices.RememberMeTokenAlgorithm) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices

Calculates the digital signature to be put in the cookie.

MALFORMED_REQUEST_DATA - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes

The serialized AuthNRequest could not be deserialized correctly.

MALFORMED_RESPONSE_DATA - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes

The response data is malformed or incomplete.

managerDn(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder

Username (DN) of the "manager" user identity (i.e.

managerPassword(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder

The password for the manager DN.

mapAuthorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.access.hierarchicalroles.RoleHierarchyAuthoritiesMapper

mapAuthorities(Collection<? extends GrantedAuthority>) - Method in interface org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper

mapAuthorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.core.authority.mapping.NullAuthoritiesMapper

mapAuthorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.core.authority.mapping.SimpleAuthorityMapper

Creates a mapping of the supplied authorities based on the case-conversion and prefix settings.

MapBasedAttributes2GrantedAuthoritiesMapper - Class in org.springframework.security.core.authority.mapping

This class implements the Attributes2GrantedAuthoritiesMapper and MappableAttributesRetriever interfaces based on the supplied Map.

MapBasedAttributes2GrantedAuthoritiesMapper() - Constructor for class org.springframework.security.core.authority.mapping.MapBasedAttributes2GrantedAuthoritiesMapper

MapBasedMethodSecurityMetadataSource - Class in org.springframework.security.access.method

Deprecated.

Use the use-authorization-manager attribute for <method-security> and <intercept-methods> instead or use annotation-based or AuthorizationManager-based authorization

MapBasedMethodSecurityMetadataSource() - Constructor for class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource

Deprecated.

MapBasedMethodSecurityMetadataSource(Map<String, List<ConfigAttribute>>) - Constructor for class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource

Deprecated.

Creates the MapBasedMethodSecurityMetadataSource from a

MappableAttributesRetriever - Interface in org.springframework.security.core.authority.mapping

Interface to be implemented by classes that can retrieve a list of mappable security attribute strings (for example the list of all available J2EE roles in a web or EJB application).

mappableAuthorities(String...) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer

Specifies roles to use map from the HttpServletRequest to the UserDetails.

mappableAuthorities(Set<String>) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer

Specifies roles to use map from the HttpServletRequest to the UserDetails.

mappableRoles(String...) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer

Specifies roles to use map from the HttpServletRequest to the UserDetails and automatically prefixes it with "ROLE_".

mapPassword(Object) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper

Extension point to allow customized creation of the user's password from the attribute stored in the directory.

MappedJwtClaimSetConverter - Class in org.springframework.security.oauth2.jwt

Converts a JWT claim set, claim by claim.

MappedJwtClaimSetConverter(Map<String, Converter<Object, ?>>) - Constructor for class org.springframework.security.oauth2.jwt.MappedJwtClaimSetConverter

Constructs a MappedJwtClaimSetConverter with the provided arguments This will completely replace any set of default converters.

mappings(Consumer<List<RequestMatcherEntry<AuthorizationManager<RequestAuthorizationContext>>>>) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder

Allows to configure the RequestMatcher to AuthorizationManager mappings.

MapPublicKeyCredentialUserEntityRepository - Class in org.springframework.security.web.webauthn.management

A Map based implementation of PublicKeyCredentialUserEntityRepository.

MapPublicKeyCredentialUserEntityRepository() - Constructor for class org.springframework.security.web.webauthn.management.MapPublicKeyCredentialUserEntityRepository

MapReactiveUserDetailsService - Class in org.springframework.security.core.userdetails

A Map based implementation of ReactiveUserDetailsService

MapReactiveUserDetailsService(Collection<UserDetails>) - Constructor for class org.springframework.security.core.userdetails.MapReactiveUserDetailsService

Creates a new instance

MapReactiveUserDetailsService(Map<String, UserDetails>) - Constructor for class org.springframework.security.core.userdetails.MapReactiveUserDetailsService

Creates a new instance using a Map that must be non blocking.

MapReactiveUserDetailsService(UserDetails...) - Constructor for class org.springframework.security.core.userdetails.MapReactiveUserDetailsService

Creates a new instance

mapRow(ResultSet, int) - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper

mapsTo(int) - Method in class org.springframework.security.config.annotation.web.configurers.PortMapperConfigurer.HttpPortMapping

Maps the given HTTP port to the provided HTTPS port and vice versa.

MapUserCredentialRepository - Class in org.springframework.security.web.webauthn.management

A Map based implementation of UserCredentialRepository.

MapUserCredentialRepository() - Constructor for class org.springframework.security.web.webauthn.management.MapUserCredentialRepository

mapUserFromContext(DirContextOperations, String, Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper

mapUserFromContext(DirContextOperations, String, Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper

mapUserFromContext(DirContextOperations, String, Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.ldap.userdetails.PersonContextMapper

mapUserFromContext(DirContextOperations, String, Collection<? extends GrantedAuthority>) - Method in interface org.springframework.security.ldap.userdetails.UserDetailsContextMapper

Creates a fully populated UserDetails object for use by the security framework.

mapUserToContext(UserDetails, DirContextAdapter) - Method in class org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper

mapUserToContext(UserDetails, DirContextAdapter) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper

mapUserToContext(UserDetails, DirContextAdapter) - Method in class org.springframework.security.ldap.userdetails.PersonContextMapper

mapUserToContext(UserDetails, DirContextAdapter) - Method in interface org.springframework.security.ldap.userdetails.UserDetailsContextMapper

Reverse of the above operation.

mask - Variable in class org.springframework.security.acls.domain.AbstractPermission

match() - Static method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcher.MatchResult

Creates an instance of PayloadExchangeMatcher.MatchResult that is a match with no variables

match() - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult

Creates an instance of ServerWebExchangeMatcher.MatchResult that is a match with no variables

match() - Static method in class org.springframework.security.web.util.matcher.RequestMatcher.MatchResult

Creates an instance of RequestMatcher.MatchResult that is a match with no variables

match(Map<String, ? extends Object>) - Static method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcher.MatchResult

Creates an instance of PayloadExchangeMatcher.MatchResult that is a match with the specified variables

match(Map<String, Object>) - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult

Creates an instance of ServerWebExchangeMatcher.MatchResult that is a match with the specified variables

match(Map<String, String>) - Static method in class org.springframework.security.web.util.matcher.RequestMatcher.MatchResult

Creates an instance of RequestMatcher.MatchResult that is a match with the specified variables

match(MvcResult) - Method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.AuthenticatedMatcher

matcher(HttpServletRequest) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher

matcher(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.AndRequestMatcher

Returns a RequestMatcher.MatchResult for this HttpServletRequest.

matcher(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher

matcher(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.OrRequestMatcher

Returns a RequestMatcher.MatchResult for this HttpServletRequest.

matcher(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.ParameterRequestMatcher

matcher(HttpServletRequest) - Method in interface org.springframework.security.web.util.matcher.RequestMatcher

Returns a MatchResult for this RequestMatcher The default implementation returns Collections.emptyMap() when RequestMatcher.MatchResult.getVariables() is invoked.

matcher(PayloadExchangeMatcher) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec

matchers - Variable in class org.springframework.security.config.annotation.web.builders.HttpSecurity.RequestMatcherConfigurer

matchers(MessageMatcher<?>...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry

Deprecated.

Maps a List of MessageMatcher instances to a security expression.

matchers(MessageMatcher<?>...) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder

Maps a List of MessageMatcher instances to a security expression.

matchers(ServerWebExchangeMatcher...) - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry

Associates a list of ServerWebExchangeMatcher instances

matchers(ServerWebExchangeMatcher...) - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers

Creates a matcher that will match on any of the provided matchers

MatcherSecurityWebFilterChain - Class in org.springframework.security.web.server

A SecurityWebFilterChain that leverages a ServerWebExchangeMatcher to determine which WebFilter to execute.

MatcherSecurityWebFilterChain(ServerWebExchangeMatcher, List<WebFilter>) - Constructor for class org.springframework.security.web.server.MatcherSecurityWebFilterChain

MatcherType - Enum Class in org.springframework.security.config.http

Defines the RequestMatcher types supported by the namespace.

matches(byte[], byte[]) - Static method in class org.springframework.security.crypto.password.AbstractPasswordEncoder

Constant time comparison to prevent against timing attacks.

matches(HttpServletRequest) - Method in class org.springframework.security.cas.web.CasGatewayResolverRequestMatcher

matches(HttpServletRequest) - Method in class org.springframework.security.web.DefaultSecurityFilterChain

matches(HttpServletRequest) - Method in interface org.springframework.security.web.SecurityFilterChain

matches(HttpServletRequest) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher

matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.AndRequestMatcher

matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher

Returns true if the configured pattern (and HTTP-Method) match those of the supplied request.

matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.AnyRequestMatcher

matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.DispatcherTypeRequestMatcher

Performs the match against the request's method and dispatcher type.

matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.ELRequestMatcher

matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.IpAddressMatcher

matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher

matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.NegatedRequestMatcher

matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.OrRequestMatcher

matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.ParameterRequestMatcher

matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.RegexRequestMatcher

Performs the match of the request URL (servletPath + pathInfo + queryString ) against the compiled pattern.

matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher

matches(HttpServletRequest) - Method in interface org.springframework.security.web.util.matcher.RequestMatcher

Decides whether the rule implemented by the strategy matches the supplied request.

matches(CharSequence, String) - Method in class org.springframework.security.crypto.argon2.Argon2PasswordEncoder

matches(CharSequence, String) - Method in class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder

matches(CharSequence, String) - Method in class org.springframework.security.crypto.password.AbstractPasswordEncoder

matches(CharSequence, String) - Method in class org.springframework.security.crypto.password.DelegatingPasswordEncoder

matches(CharSequence, String) - Method in class org.springframework.security.crypto.password.LdapShaPasswordEncoder

Deprecated.

Checks the validity of an unencoded password against an encoded one in the form "{SSHA}sQuQF8vj8Eg2Y1hPdh3bkQhCKQBgjhQI".

matches(CharSequence, String) - Method in class org.springframework.security.crypto.password.Md4PasswordEncoder

Deprecated.

Takes a previously encoded password and compares it with a rawpassword after mixing in the salt and encoding that value

matches(CharSequence, String) - Method in class org.springframework.security.crypto.password.MessageDigestPasswordEncoder

Deprecated.

Takes a previously encoded password and compares it with a rawpassword after mixing in the salt and encoding that value

matches(CharSequence, String) - Method in class org.springframework.security.crypto.password.NoOpPasswordEncoder

Deprecated.

matches(CharSequence, String) - Method in interface org.springframework.security.crypto.password.PasswordEncoder

Verify the encoded password obtained from storage matches the submitted raw password after it too is encoded.

matches(CharSequence, String) - Method in class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder

matches(CharSequence, String) - Method in class org.springframework.security.crypto.password.StandardPasswordEncoder

Deprecated.

matches(CharSequence, String) - Method in class org.springframework.security.crypto.scrypt.SCryptPasswordEncoder

matches(String) - Method in class org.springframework.security.web.util.matcher.IpAddressMatcher

matches(Message<?>) - Method in class org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher

matches(Message<?>) - Method in class org.springframework.security.messaging.util.matcher.SimpMessageTypeMatcher

matches(Message<? extends T>) - Method in class org.springframework.security.messaging.util.matcher.AndMessageMatcher

matches(Message<? extends T>) - Method in interface org.springframework.security.messaging.util.matcher.MessageMatcher

Returns true if the Message matches, else false

matches(Message<? extends T>) - Method in class org.springframework.security.messaging.util.matcher.OrMessageMatcher

matches(PayloadExchange) - Method in interface org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcher

Determines if a request matches or not

matches(PayloadExchange) - Method in class org.springframework.security.rsocket.util.matcher.RoutePayloadExchangeMatcher

matches(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.AuthenticationConverterServerWebExchangeMatcher

matches(ServerWebExchange) - Method in class org.springframework.security.web.server.MatcherSecurityWebFilterChain

matches(ServerWebExchange) - Method in interface org.springframework.security.web.server.SecurityWebFilterChain

Determines if this SecurityWebFilterChain matches the provided ServerWebExchange

matches(ServerWebExchange) - Method in class org.springframework.security.web.server.util.matcher.AndServerWebExchangeMatcher

matches(ServerWebExchange) - Method in class org.springframework.security.web.server.util.matcher.IpAddressServerWebExchangeMatcher

matches(ServerWebExchange) - Method in class org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher

matches(ServerWebExchange) - Method in class org.springframework.security.web.server.util.matcher.NegatedServerWebExchangeMatcher

matches(ServerWebExchange) - Method in class org.springframework.security.web.server.util.matcher.OrServerWebExchangeMatcher

matches(ServerWebExchange) - Method in class org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher

matches(ServerWebExchange) - Method in interface org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher

Determines if a request matches or not

maxAge(Duration) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec

Configures the max age.

maxAgeInSeconds(long) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig

Deprecated.

Sets the value (in seconds) for the max-age directive of the Public-Key-Pins header.

maxAgeInSeconds(long) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig

Sets the value (in seconds) for the max-age directive of the Strict-Transport-Security header.

maximumSessions(int) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer

Controls the maximum number of sessions for a user.

maximumSessions(int) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer

Controls the maximum number of sessions for a user.

maximumSessions(SessionLimit) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec

Sets the maximum number of sessions allowed for any user.

MaximumSessionsContext - Class in org.springframework.security.web.server.authentication

MaximumSessionsContext(Authentication, List<ReactiveSessionInformation>, int, WebSession) - Constructor for class org.springframework.security.web.server.authentication.MaximumSessionsContext

maximumSessionsExceededHandler(ServerMaximumSessionsExceededHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec

Sets the ServerMaximumSessionsExceededHandler to use when the maximum number of sessions is exceeded.

maxSessionsPreventsLogin(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer

If true, prevents a user from authenticating when the SessionManagementConfigurer.ConcurrencyControlConfigurer.maximumSessions(int) has been reached.

Md4PasswordEncoder - Class in org.springframework.security.crypto.password

Deprecated.

Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better use DelegatingPasswordEncoder which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.

Md4PasswordEncoder() - Constructor for class org.springframework.security.crypto.password.Md4PasswordEncoder

Deprecated.

MD5 - Enum constant in enum class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices.RememberMeTokenAlgorithm

MediaTypeRequestMatcher - Class in org.springframework.security.web.util.matcher

Allows matching HttpServletRequest based upon the MediaType's resolved from a ContentNegotiationStrategy.

MediaTypeRequestMatcher(Collection<MediaType>) - Constructor for class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher

Creates an instance

MediaTypeRequestMatcher(MediaType...) - Constructor for class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher

Creates an instance

MediaTypeRequestMatcher(ContentNegotiationStrategy, Collection<MediaType>) - Constructor for class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher

Creates an instance

MediaTypeRequestMatcher(ContentNegotiationStrategy, MediaType...) - Constructor for class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher

Creates an instance

MediaTypeServerWebExchangeMatcher - Class in org.springframework.security.web.server.util.matcher

Matches based upon the accept headers.

MediaTypeServerWebExchangeMatcher(Collection<MediaType>) - Constructor for class org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher

Creates a new instance

MediaTypeServerWebExchangeMatcher(MediaType...) - Constructor for class org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher

Creates a new instance

merge(Object) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder

merge(Object) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.LogoutRequestBuilder

mergePatterns(String, String) - Static method in class org.springframework.security.acls.domain.AclFormattingUtils

message - Variable in class org.springframework.security.messaging.access.expression.MessageSecurityExpressionRoot

MessageAuthorizationContext<T> - Class in org.springframework.security.messaging.access.intercept

An Message authorization context.

MessageAuthorizationContext(Message<T>) - Constructor for class org.springframework.security.messaging.access.intercept.MessageAuthorizationContext

Creates an instance.

MessageAuthorizationContext(Message<T>, Map<String, String>) - Constructor for class org.springframework.security.messaging.access.intercept.MessageAuthorizationContext

Creates an instance.

MessageAuthorizationContextSecurityExpressionHandler - Class in org.springframework.security.messaging.access.expression

An expression handler for MessageAuthorizationContext.

MessageAuthorizationContextSecurityExpressionHandler() - Constructor for class org.springframework.security.messaging.access.expression.MessageAuthorizationContextSecurityExpressionHandler

MessageAuthorizationContextSecurityExpressionHandler(SecurityExpressionHandler<Message<?>>) - Constructor for class org.springframework.security.messaging.access.expression.MessageAuthorizationContextSecurityExpressionHandler

MessageDigestPasswordEncoder - Class in org.springframework.security.crypto.password

Deprecated.

Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better use DelegatingPasswordEncoder which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.

MessageDigestPasswordEncoder(String) - Constructor for class org.springframework.security.crypto.password.MessageDigestPasswordEncoder

Deprecated.

The digest algorithm to use Supports the named Message Digest Algorithms in the Java environment.

MessageExpressionVoter<T> - Class in org.springframework.security.messaging.access.expression

Deprecated.

Use MessageMatcherDelegatingAuthorizationManager instead

MessageExpressionVoter() - Constructor for class org.springframework.security.messaging.access.expression.MessageExpressionVoter

Deprecated.

MessageMatcher<T> - Interface in org.springframework.security.messaging.util.matcher

API for determining if a Message should be matched on.

MessageMatcherDelegatingAuthorizationManager - Class in org.springframework.security.messaging.access.intercept

MessageMatcherDelegatingAuthorizationManager.Builder - Class in org.springframework.security.messaging.access.intercept

A builder for MessageMatcherDelegatingAuthorizationManager.

MessageMatcherDelegatingAuthorizationManager.Builder.Constraint - Class in org.springframework.security.messaging.access.intercept

Represents the security constraint to be applied to the MessageMatcher instances.

messages - Variable in class org.springframework.security.access.intercept.AbstractSecurityInterceptor

Deprecated.

messages - Variable in class org.springframework.security.access.intercept.RunAsImplAuthenticationProvider

Deprecated.

messages - Variable in class org.springframework.security.access.vote.AbstractAccessDecisionManager

Deprecated.

messages - Variable in class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationProvider

messages - Variable in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager

messages - Variable in class org.springframework.security.authentication.AccountStatusUserDetailsChecker

messages - Variable in class org.springframework.security.authentication.AnonymousAuthenticationProvider

messages - Variable in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

messages - Variable in class org.springframework.security.authentication.ProviderManager

messages - Variable in class org.springframework.security.authentication.RememberMeAuthenticationProvider

messages - Variable in class org.springframework.security.cas.authentication.CasAuthenticationProvider

messages - Variable in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl

messages - Variable in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider

messages - Variable in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator

messages - Variable in class org.springframework.security.web.access.ExceptionTranslationFilter

messages - Variable in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

messages - Variable in class org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor

messages - Variable in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

messages - Variable in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy

messages - Variable in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

messages - Variable in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter

MessageSecurityExpressionRoot - Class in org.springframework.security.messaging.access.expression

The SecurityExpressionRoot used for Message expressions.

MessageSecurityExpressionRoot(Supplier<Authentication>, Message<?>) - Constructor for class org.springframework.security.messaging.access.expression.MessageSecurityExpressionRoot

Creates an instance for the given Supplier of the Authentication and Message.

MessageSecurityExpressionRoot(Authentication, Message<?>) - Constructor for class org.springframework.security.messaging.access.expression.MessageSecurityExpressionRoot

MessageSecurityMetadataSource - Interface in org.springframework.security.messaging.access.intercept

Deprecated.

Use MessageMatcherDelegatingAuthorizationManager instead

MessageSecurityMetadataSourceRegistry - Class in org.springframework.security.config.annotation.web.messaging

Deprecated.

Use MessageMatcherDelegatingAuthorizationManager instead

MessageSecurityMetadataSourceRegistry() - Constructor for class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry

Deprecated.

MessageSecurityMetadataSourceRegistry.Constraint - Class in org.springframework.security.config.annotation.web.messaging

Deprecated.

Represents the security constraint to be applied to the MessageMatcher instances.

METADATA_PUSH - Enum constant in enum class org.springframework.security.rsocket.api.PayloadExchangeType

A Metadata Push exchange.

metadataResponseResolver(Saml2MetadataResponseResolver) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2MetadataConfigurer

Use this Saml2MetadataResponseResolver to parse the request and respond with SAML 2.0 metadata.

metadataUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2MetadataConfigurer

Use this endpoint to request relying party metadata.

METHOD_ACCESS_MANAGER - Static variable in class org.springframework.security.config.BeanIds

METHOD_SECURITY - Static variable in class org.springframework.security.config.Elements

METHOD_SECURITY_METADATA_SOURCE - Static variable in class org.springframework.security.config.Elements

METHOD_SECURITY_METADATA_SOURCE_ADVISOR - Static variable in class org.springframework.security.config.BeanIds

MethodAuthorizationDeniedHandler - Interface in org.springframework.security.authorization.method

An interface used to define a strategy to handle denied method invocations

MethodExpressionAuthorizationManager - Class in org.springframework.security.authorization.method

An expression-based AuthorizationManager that determines the access by evaluating the provided expression against the MethodInvocation.

MethodExpressionAuthorizationManager(String) - Constructor for class org.springframework.security.authorization.method.MethodExpressionAuthorizationManager

Creates an instance.

MethodInvocationAdapter - Class in org.springframework.security.access.intercept.aspectj

Deprecated.

This class will be removed from the public API. See `JoinPointMethodInvocation` in `spring-security-aspects` for its replacement

MethodInvocationPrivilegeEvaluator - Class in org.springframework.security.access.intercept

Deprecated.

Use AuthorizationManager instead

MethodInvocationPrivilegeEvaluator() - Constructor for class org.springframework.security.access.intercept.MethodInvocationPrivilegeEvaluator

Deprecated.

MethodInvocationResult - Class in org.springframework.security.authorization.method

A context object that contains a MethodInvocation and the result of that MethodInvocation.

MethodInvocationResult(MethodInvocation, Object) - Constructor for class org.springframework.security.authorization.method.MethodInvocationResult

Construct a MethodInvocationResult with the provided parameters

MethodInvocationUtils - Class in org.springframework.security.util

Static utility methods for creating MethodInvocations usable within Spring Security.

methodMap - Variable in class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource

Deprecated.

Map from RegisteredMethod to ConfigAttribute list

MethodSecurityBeanDefinitionParser - Class in org.springframework.security.config.method

Processes the top-level "method-security" element.

MethodSecurityBeanDefinitionParser() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser

MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor - Class in org.springframework.security.config.method

MethodSecurityBeanDefinitionParser.MethodSecurityExpressionHandlerBean - Class in org.springframework.security.config.method

MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor - Class in org.springframework.security.config.method

MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor - Class in org.springframework.security.config.method

MethodSecurityBeanDefinitionParser.SecuredAuthorizationMethodInterceptor - Class in org.springframework.security.config.method

MethodSecurityExpressionHandler - Interface in org.springframework.security.access.expression.method

Extended expression-handler facade which adds methods which are specific to securing method invocations.

MethodSecurityExpressionHandlerBean() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.MethodSecurityExpressionHandlerBean

MethodSecurityExpressionOperations - Interface in org.springframework.security.access.expression.method

Interface which must be implemented if you want to use filtering in method security expressions.

methodSecurityInterceptor(MethodSecurityMetadataSource) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

Deprecated.

Creates the default MethodInterceptor which is a MethodSecurityInterceptor using the following methods to construct it.

MethodSecurityInterceptor - Class in org.springframework.security.access.intercept.aopalliance

Deprecated.

Please use AuthorizationManagerBeforeMethodInterceptor and AuthorizationManagerAfterMethodInterceptor instead

MethodSecurityInterceptor() - Constructor for class org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor

Deprecated.

methodSecurityMetadataSource() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

Deprecated.

Provides the default MethodSecurityMetadataSource that will be used.

MethodSecurityMetadataSource - Interface in org.springframework.security.access.method

Deprecated.

Use the use-authorization-manager attribute for <method-security> and <intercept-methods> instead or use annotation-based or AuthorizationManager-based authorization

MethodSecurityMetadataSourceAdvisor - Class in org.springframework.security.access.intercept.aopalliance

Deprecated.

Use EnableMethodSecurity or publish interceptors directly

MethodSecurityMetadataSourceAdvisor(String, MethodSecurityMetadataSource, String) - Constructor for class org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor

Deprecated.

Alternative constructor for situations where we want the advisor decoupled from the advice.

MethodSecurityMetadataSourceBeanDefinitionParser - Class in org.springframework.security.config.method

Deprecated.

Use <intercept-methods>, <method-security>, or @EnableMethodSecurity

MethodSecurityMetadataSourceBeanDefinitionParser() - Constructor for class org.springframework.security.config.method.MethodSecurityMetadataSourceBeanDefinitionParser

Deprecated.

MIDDLE_NAME - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames

middle_name - the user's middle name(s)

middleName(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder

Use this middle name in the resulting OidcUserInfo

migrateSession() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer

Specifies that a new session should be created and the session attributes from the original HttpSession should be retained.

MISSING_BEAN_ERROR_MESSAGE - Static variable in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean

MissingCsrfTokenException - Exception in org.springframework.security.web.csrf

Thrown when no expected CsrfToken is found but is required.

MissingCsrfTokenException(String) - Constructor for exception org.springframework.security.web.csrf.MissingCsrfTokenException

mockAuthentication(Authentication) - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers

Updates the ServerWebExchange to use the provided Authentication as the Principal

mockJwt() - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers

Updates the ServerWebExchange to establish a SecurityContext that has a JwtAuthenticationToken for the Authentication and a Jwt for the Authentication.getPrincipal().

mockOAuth2Client() - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers

Updates the ServerWebExchange to establish a OAuth2AuthorizedClient in the session.

mockOAuth2Client(String) - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers

Updates the ServerWebExchange to establish a OAuth2AuthorizedClient in the session.

mockOAuth2Login() - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers

Updates the ServerWebExchange to establish a SecurityContext that has a OAuth2AuthenticationToken for the Authentication.

mockOidcLogin() - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers

Updates the ServerWebExchange to establish a SecurityContext that has a OAuth2AuthenticationToken for the Authentication.

mockOpaqueToken() - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers

Updates the ServerWebExchange to establish a SecurityContext that has a BearerTokenAuthentication for the Authentication and an OAuth2AuthenticatedPrincipal for the Authentication.getPrincipal().

mockUser() - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers

Updates the ServerWebExchange to use a UserDetails to create a UsernamePasswordAuthenticationToken as the Principal.

mockUser(String) - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers

Updates the ServerWebExchange to use a UserDetails to create a UsernamePasswordAuthenticationToken as the Principal.

mockUser(UserDetails) - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers

Updates the ServerWebExchange to use the provided UserDetails to create a UsernamePasswordAuthenticationToken as the Principal

mode() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity

Deprecated.

Indicate how security advice should be applied.

mode() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity

Indicate how security advice should be applied.

mode() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity

Indicate how security advice should be applied.

mode(XFrameOptionsServerHttpHeadersWriter.Mode) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.FrameOptionsSpec

The mode to configure.

MODE_GLOBAL - Static variable in class org.springframework.security.core.context.SecurityContextHolder

MODE_INHERITABLETHREADLOCAL - Static variable in class org.springframework.security.core.context.SecurityContextHolder

MODE_THREADLOCAL - Static variable in class org.springframework.security.core.context.SecurityContextHolder

modifyGrantedAuthorities(UserDetails, Authentication, Collection<? extends GrantedAuthority>) - Method in interface org.springframework.security.web.authentication.switchuser.SwitchUserAuthorityChanger

Allow subclasses to add or remove authorities that will be granted when in switch user mode.

MUST_SUPPLY_OLD_PASSWORD - Enum constant in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus

MutableAcl - Interface in org.springframework.security.acls.model

A mutable Acl.

MutableAclService - Interface in org.springframework.security.acls.model

Provides support for creating and storing Acl instances.

mutate() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata

mutate() - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails

mutate() - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration

Deprecated.

Copy the properties in this RelyingPartyRegistration into a RelyingPartyRegistration.Builder

mutate() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails

mutate() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration

Copy the properties in this RelyingPartyRegistration into a RelyingPartyRegistration.Builder

mvc - Enum constant in enum class org.springframework.security.config.http.MatcherType

MvcRequestMatcher - Class in org.springframework.security.web.servlet.util.matcher

A RequestMatcher that uses Spring MVC's HandlerMappingIntrospector to match the path and extract variables.

MvcRequestMatcher(HandlerMappingIntrospector, String) - Constructor for class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher

MvcRequestMatcher.Builder - Class in org.springframework.security.web.servlet.util.matcher

A builder for MvcRequestMatcher

N

name(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder

Use this name in the resulting OidcUserInfo

name(String) - Method in class org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity.PublicKeyCredentialUserEntityBuilder

Sets the ImmutablePublicKeyCredentialUserEntity.getName() property.

name(String) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRpEntity.PublicKeyCredentialRpEntityBuilder

Sets the PublicKeyCredentialRpEntity.getName() property.

NAME - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames

name - the user's full name

nameIdFormat(String) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder

Deprecated.

nameIdFormat(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder

Set the NameID format

NBF - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames

nbf - A timestamp indicating when the token is not to be used before

NBF - Static variable in class org.springframework.security.oauth2.jwt.JwtClaimNames

nbf - the Not Before claim identifies the time before which the JWT MUST NOT be accepted for processing

NegatedRequestMatcher - Class in org.springframework.security.web.util.matcher

A RequestMatcher that will negate the RequestMatcher passed in.

NegatedRequestMatcher(RequestMatcher) - Constructor for class org.springframework.security.web.util.matcher.NegatedRequestMatcher

Creates a new instance

NegatedServerWebExchangeMatcher - Class in org.springframework.security.web.server.util.matcher

Negates the provided matcher.

NegatedServerWebExchangeMatcher(ServerWebExchangeMatcher) - Constructor for class org.springframework.security.web.server.util.matcher.NegatedServerWebExchangeMatcher

NestedLdapAuthoritiesPopulator - Class in org.springframework.security.ldap.userdetails

A LDAP authority populator that can recursively search static nested groups.

NestedLdapAuthoritiesPopulator(ContextSource, String) - Constructor for class org.springframework.security.ldap.userdetails.NestedLdapAuthoritiesPopulator

Constructor for group search scenarios.

NEVER - Enum constant in enum class org.springframework.security.config.http.SessionCreationPolicy

Spring Security will never create an HttpSession, but will use the HttpSession if it already exists

newSession() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer

Specifies that a new session should be created, but the session attributes from the original HttpSession should not be retained.

next(PayloadExchange) - Method in interface org.springframework.security.rsocket.api.PayloadInterceptorChain

Process the payload exchange.

nextElement() - Method in class org.springframework.security.web.savedrequest.Enumerator

Returns the next element of this enumeration if this enumeration has at least one more element to provide.

NFC - Static variable in class org.springframework.security.web.webauthn.api.AuthenticatorTransport

nfc indicates the respective authenticator can be contacted over Near Field Communication (NFC).

nickname(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder

Use this nickname in the resulting OidcUserInfo

NICKNAME - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames

nickname - the user's nick name that may or may not be the same as the given_name

NimbusJwtClientAuthenticationParametersConverter<T extends AbstractOAuth2AuthorizationGrantRequest> - Class in org.springframework.security.oauth2.client.endpoint

A Converter that customizes the OAuth 2.0 Access Token Request parameters by adding a signed JSON Web Token (JWS) to be used for client authentication at the Authorization Server's Token Endpoint.

NimbusJwtClientAuthenticationParametersConverter(Function<ClientRegistration, JWK>) - Constructor for class org.springframework.security.oauth2.client.endpoint.NimbusJwtClientAuthenticationParametersConverter

Constructs a NimbusJwtClientAuthenticationParametersConverter using the provided parameters.

NimbusJwtClientAuthenticationParametersConverter.JwtClientAuthenticationContext<T extends AbstractOAuth2AuthorizationGrantRequest> - Class in org.springframework.security.oauth2.client.endpoint

A context that holds client authentication-specific state and is used by NimbusJwtClientAuthenticationParametersConverter when attempting to customize the JSON Web Token (JWS) client assertion.

NimbusJwtDecoder - Class in org.springframework.security.oauth2.jwt

A low-level Nimbus implementation of JwtDecoder which takes a raw Nimbus configuration.

NimbusJwtDecoder(JWTProcessor<SecurityContext>) - Constructor for class org.springframework.security.oauth2.jwt.NimbusJwtDecoder

Configures a NimbusJwtDecoder with the given parameters

NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder - Class in org.springframework.security.oauth2.jwt

A builder for creating NimbusJwtDecoder instances based on a JWK Set uri.

NimbusJwtDecoder.PublicKeyJwtDecoderBuilder - Class in org.springframework.security.oauth2.jwt

A builder for creating NimbusJwtDecoder instances based on a public key.

NimbusJwtDecoder.SecretKeyJwtDecoderBuilder - Class in org.springframework.security.oauth2.jwt

A builder for creating NimbusJwtDecoder instances based on a SecretKey.

NimbusJwtEncoder - Class in org.springframework.security.oauth2.jwt

An implementation of a JwtEncoder that encodes a JSON Web Token (JWT) using the JSON Web Signature (JWS) Compact Serialization format.

NimbusJwtEncoder(JWKSource<SecurityContext>) - Constructor for class org.springframework.security.oauth2.jwt.NimbusJwtEncoder

Constructs a NimbusJwtEncoder using the provided parameters.

NimbusOpaqueTokenIntrospector - Class in org.springframework.security.oauth2.server.resource.introspection

Deprecated.

Please use SpringOpaqueTokenIntrospector instead

NimbusOpaqueTokenIntrospector(String, String, String) - Constructor for class org.springframework.security.oauth2.server.resource.introspection.NimbusOpaqueTokenIntrospector

Deprecated.

Creates a OpaqueTokenAuthenticationProvider with the provided parameters

NimbusOpaqueTokenIntrospector(String, RestOperations) - Constructor for class org.springframework.security.oauth2.server.resource.introspection.NimbusOpaqueTokenIntrospector

Deprecated.

Creates a OpaqueTokenAuthenticationProvider with the provided parameters The given RestOperations should perform its own client authentication against the introspection endpoint.

NimbusReactiveJwtDecoder - Class in org.springframework.security.oauth2.jwt

An implementation of a ReactiveJwtDecoder that "decodes" a JSON Web Token (JWT) and additionally verifies it's digital signature if the JWT is a JSON Web Signature (JWS).

NimbusReactiveJwtDecoder(String) - Constructor for class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder

Constructs a NimbusReactiveJwtDecoder using the provided parameters.

NimbusReactiveJwtDecoder(RSAPublicKey) - Constructor for class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder

Constructs a NimbusReactiveJwtDecoder using the provided parameters.

NimbusReactiveJwtDecoder(Converter<JWT, Mono<JWTClaimsSet>>) - Constructor for class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder

Constructs a NimbusReactiveJwtDecoder using the provided parameters.

NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder - Class in org.springframework.security.oauth2.jwt

A builder for creating NimbusReactiveJwtDecoder instances based on a JWK Set uri.

NimbusReactiveJwtDecoder.JwkSourceReactiveJwtDecoderBuilder - Class in org.springframework.security.oauth2.jwt

A builder for creating NimbusReactiveJwtDecoder instances.

NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder - Class in org.springframework.security.oauth2.jwt

A builder for creating NimbusReactiveJwtDecoder instances based on a public key.

NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder - Class in org.springframework.security.oauth2.jwt

A builder for creating NimbusReactiveJwtDecoder instances based on a SecretKey.

NimbusReactiveOpaqueTokenIntrospector - Class in org.springframework.security.oauth2.server.resource.introspection

Deprecated.

Please use SpringReactiveOpaqueTokenIntrospector instead

NimbusReactiveOpaqueTokenIntrospector(String, String, String) - Constructor for class org.springframework.security.oauth2.server.resource.introspection.NimbusReactiveOpaqueTokenIntrospector

Deprecated.

Creates a OpaqueTokenReactiveAuthenticationManager with the provided parameters

NimbusReactiveOpaqueTokenIntrospector(String, WebClient) - Constructor for class org.springframework.security.oauth2.server.resource.introspection.NimbusReactiveOpaqueTokenIntrospector

Deprecated.

Creates a OpaqueTokenReactiveAuthenticationManager with the provided parameters

NO_ATTRS - Static variable in class org.springframework.security.ldap.SpringSecurityLdapTemplate

NO_AUTHORITIES - Static variable in class org.springframework.security.core.authority.AuthorityUtils

NO_CONTEXT - Static variable in class org.springframework.security.core.context.SecurityContextChangedEvent

NO_OPTIONS - Static variable in class org.springframework.security.crypto.codec.Base64

Deprecated.

No options specified.

NO_REFERRER - Enum constant in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy

NO_REFERRER - Enum constant in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy

NO_REFERRER_WHEN_DOWNGRADE - Enum constant in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy

NO_REFERRER_WHEN_DOWNGRADE - Enum constant in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy

nonce(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder

Use this nonce in the resulting OidcIdToken

NONCE - Static variable in class org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames

nonce - used in the Authentication Request.

NONCE - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames

nonce - a String value used to associate a Client session with an ID Token, and to mitigate replay attacks.

NonceExpiredException - Exception in org.springframework.security.web.authentication.www

Thrown if an authentication request is rejected because the digest nonce has expired.

NonceExpiredException(String) - Constructor for exception org.springframework.security.web.authentication.www.NonceExpiredException

Constructs a NonceExpiredException with the specified message.

NonceExpiredException(String, Throwable) - Constructor for exception org.springframework.security.web.authentication.www.NonceExpiredException

Constructs a NonceExpiredException with the specified message and root cause.

none() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer

Specifies that no session fixation protection should be enabled.

NONE - Static variable in class org.springframework.security.oauth2.core.ClientAuthenticationMethod

NONE - Static variable in class org.springframework.security.web.webauthn.api.AttestationConveyancePreference

The none preference indicates that the Relying Party is not interested in authenticator attestation.

noObservations() - Static method in class org.springframework.security.config.observation.SecurityObservationSettings

Make no Spring Security observations

NoOpAccessDeniedHandler - Class in org.springframework.security.web.access

An AccessDeniedHandler implementation that does nothing.

NoOpAccessDeniedHandler() - Constructor for class org.springframework.security.web.access.NoOpAccessDeniedHandler

NoOpAuthenticationEntryPoint - Class in org.springframework.security.web.authentication

An AuthenticationEntryPoint implementation that does nothing.

NoOpAuthenticationEntryPoint() - Constructor for class org.springframework.security.web.authentication.NoOpAuthenticationEntryPoint

NoOpPasswordEncoder - Class in org.springframework.security.crypto.password

Deprecated.

This PasswordEncoder is not secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better use DelegatingPasswordEncoder which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.

NoOpServerRequestCache - Class in org.springframework.security.web.server.savedrequest

An implementation of ServerRequestCache that does nothing.

NoOpServerSecurityContextRepository - Class in org.springframework.security.web.server.context

A do nothing implementation of ServerSecurityContextRepository.

noOpText() - Static method in class org.springframework.security.crypto.encrypt.Encryptors

Creates a text encryptor that performs no encryption.

NOSNIFF - Static variable in class org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter

NOSNIFF - Static variable in class org.springframework.security.web.server.header.XContentTypeOptionsServerHttpHeadersWriter

not() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl

Negates the following authorization rule.

not() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl

Deprecated.

Negates the following expression.

not(AuthorizationManager<T>) - Static method in class org.springframework.security.authorization.AuthorizationManagers

Creates an AuthorizationManager that reverses whatever decision the given AuthorizationManager granted.

not(RequestMatcher) - Static method in class org.springframework.security.web.util.matcher.RequestMatchers

Creates a RequestMatcher that matches if the given RequestMatcher does not match.

notBefore(Instant) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder

Use this not-before timestamp in the resulting Jwt

notBefore(Instant) - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder

Sets the not before (nbf) claim, which identifies the time before which the JWT MUST NOT be accepted for processing.

NotFoundException - Exception in org.springframework.security.acls.model

Thrown if an ACL-related object cannot be found.

NotFoundException(String) - Constructor for exception org.springframework.security.acls.model.NotFoundException

Constructs an NotFoundException with the specified message.

NotFoundException(String, Throwable) - Constructor for exception org.springframework.security.acls.model.NotFoundException

Constructs an NotFoundException with the specified message and root cause.

notMatch() - Static method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcher.MatchResult

Creates an instance of PayloadExchangeMatcher.MatchResult that is not a match.

notMatch() - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult

Creates an instance of ServerWebExchangeMatcher.MatchResult that is not a match.

notMatch() - Static method in class org.springframework.security.web.util.matcher.RequestMatcher.MatchResult

Creates an instance of RequestMatcher.MatchResult that is not a match.

NULL_DESTINATION_MATCHER - Static variable in class org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher

NullAuthenticatedSessionStrategy - Class in org.springframework.security.web.authentication.session

NullAuthenticatedSessionStrategy() - Constructor for class org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy

NullAuthenticationProvider() - Constructor for class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider

NullAuthoritiesMapper - Class in org.springframework.security.core.authority.mapping

NullAuthoritiesMapper() - Constructor for class org.springframework.security.core.authority.mapping.NullAuthoritiesMapper

nullDestMatcher() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry

Deprecated.

Maps any Message that has a null SimpMessageHeaderAccessor destination header (i.e.

nullDestMatcher() - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder

Maps any Message that has a null SimpMessageHeaderAccessor destination header (i.e.

NullEventPublisher() - Constructor for class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy.NullEventPublisher

NullLdapAuthoritiesPopulator - Class in org.springframework.security.ldap.authentication

NullLdapAuthoritiesPopulator() - Constructor for class org.springframework.security.ldap.authentication.NullLdapAuthoritiesPopulator

NullRememberMeServices - Class in org.springframework.security.web.authentication

Implementation of NullRememberMeServices that does nothing.

NullRememberMeServices() - Constructor for class org.springframework.security.web.authentication.NullRememberMeServices

NullRequestCache - Class in org.springframework.security.web.savedrequest

Null implementation of RequestCache.

NullRequestCache() - Constructor for class org.springframework.security.web.savedrequest.NullRequestCache

NullRoleHierarchy - Class in org.springframework.security.access.hierarchicalroles

NullRoleHierarchy() - Constructor for class org.springframework.security.access.hierarchicalroles.NullRoleHierarchy

NullSecurityContextRepository - Class in org.springframework.security.web.context

NullSecurityContextRepository() - Constructor for class org.springframework.security.web.context.NullSecurityContextRepository

NullStatelessTicketCache - Class in org.springframework.security.cas.authentication

Implementation of @link StatelessTicketCache that has no backing cache.

NullStatelessTicketCache() - Constructor for class org.springframework.security.cas.authentication.NullStatelessTicketCache

NullUserCache - Class in org.springframework.security.core.userdetails.cache

Does not perform any caching.

NullUserCache() - Constructor for class org.springframework.security.core.userdetails.cache.NullUserCache

O

OAEP - Enum constant in enum class org.springframework.security.crypto.encrypt.RsaAlgorithm

OAUTH2_AUTHORIZATION_CODE - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder

OAUTH2_CLIENT - Static variable in class org.springframework.security.config.Elements

OAUTH2_LOGIN - Static variable in class org.springframework.security.config.Elements

OAUTH2_RESOURCE_SERVER - Static variable in class org.springframework.security.config.Elements

OAuth2AccessToken - Class in org.springframework.security.oauth2.core

An implementation of an AbstractOAuth2Token representing an OAuth 2.0 Access Token.

OAuth2AccessToken(OAuth2AccessToken.TokenType, String, Instant, Instant) - Constructor for class org.springframework.security.oauth2.core.OAuth2AccessToken

Constructs an OAuth2AccessToken using the provided parameters.

OAuth2AccessToken(OAuth2AccessToken.TokenType, String, Instant, Instant, Set<String>) - Constructor for class org.springframework.security.oauth2.core.OAuth2AccessToken

Constructs an OAuth2AccessToken using the provided parameters.

OAuth2AccessToken.TokenType - Class in org.springframework.security.oauth2.core

Access Token Types.

oauth2AccessTokenResponse() - Static method in class org.springframework.security.oauth2.core.web.reactive.function.OAuth2BodyExtractors

Extractor to decode an OAuth2AccessTokenResponse

OAuth2AccessTokenResponse - Class in org.springframework.security.oauth2.core.endpoint

A representation of an OAuth 2.0 Access Token Response.

OAuth2AccessTokenResponse.Builder - Class in org.springframework.security.oauth2.core.endpoint

A builder for OAuth2AccessTokenResponse.

OAuth2AccessTokenResponseClient<T extends AbstractOAuth2AuthorizationGrantRequest> - Interface in org.springframework.security.oauth2.client.endpoint

A strategy for "exchanging" an authorization grant credential (e.g.

OAuth2AccessTokenResponseHttpMessageConverter - Class in org.springframework.security.oauth2.core.http.converter

A HttpMessageConverter for an OAuth 2.0 Access Token Response.

OAuth2AccessTokenResponseHttpMessageConverter() - Constructor for class org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter

OAuth2AuthenticatedPrincipal - Interface in org.springframework.security.oauth2.core

An AuthenticatedPrincipal that represents the principal associated with an OAuth 2.0 token.

OAuth2AuthenticationException - Exception in org.springframework.security.oauth2.core

This exception is thrown for all OAuth 2.0 related Authentication errors.

OAuth2AuthenticationException(String) - Constructor for exception org.springframework.security.oauth2.core.OAuth2AuthenticationException

Constructs an OAuth2AuthenticationException using the provided parameters.

OAuth2AuthenticationException(OAuth2Error) - Constructor for exception org.springframework.security.oauth2.core.OAuth2AuthenticationException

Constructs an OAuth2AuthenticationException using the provided parameters.

OAuth2AuthenticationException(OAuth2Error, String) - Constructor for exception org.springframework.security.oauth2.core.OAuth2AuthenticationException

Constructs an OAuth2AuthenticationException using the provided parameters.

OAuth2AuthenticationException(OAuth2Error, String, Throwable) - Constructor for exception org.springframework.security.oauth2.core.OAuth2AuthenticationException

Constructs an OAuth2AuthenticationException using the provided parameters.

OAuth2AuthenticationException(OAuth2Error, Throwable) - Constructor for exception org.springframework.security.oauth2.core.OAuth2AuthenticationException

Constructs an OAuth2AuthenticationException using the provided parameters.

OAuth2AuthenticationToken - Class in org.springframework.security.oauth2.client.authentication

An implementation of an AbstractAuthenticationToken that represents an OAuth 2.0 Authentication.

OAuth2AuthenticationToken(OAuth2User, Collection<? extends GrantedAuthority>, String) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken

Constructs an OAuth2AuthenticationToken using the provided parameters.

OAuth2AuthorizationCodeAuthenticationProvider - Class in org.springframework.security.oauth2.client.authentication

An implementation of an AuthenticationProvider for the OAuth 2.0 Authorization Code Grant.

OAuth2AuthorizationCodeAuthenticationProvider(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationProvider

Constructs an OAuth2AuthorizationCodeAuthenticationProvider using the provided parameters.

OAuth2AuthorizationCodeAuthenticationToken - Class in org.springframework.security.oauth2.client.authentication

An AbstractAuthenticationToken for the OAuth 2.0 Authorization Code Grant.

OAuth2AuthorizationCodeAuthenticationToken(ClientRegistration, OAuth2AuthorizationExchange) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken

This constructor should be used when the Authorization Request/Response is complete.

OAuth2AuthorizationCodeAuthenticationToken(ClientRegistration, OAuth2AuthorizationExchange, OAuth2AccessToken) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken

This constructor should be used when the Access Token Request/Response is complete, which indicates that the Authorization Code Grant flow has fully completed.

OAuth2AuthorizationCodeAuthenticationToken(ClientRegistration, OAuth2AuthorizationExchange, OAuth2AccessToken, OAuth2RefreshToken) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken

This constructor should be used when the Access Token Request/Response is complete, which indicates that the Authorization Code Grant flow has fully completed.

OAuth2AuthorizationCodeAuthenticationToken(ClientRegistration, OAuth2AuthorizationExchange, OAuth2AccessToken, OAuth2RefreshToken, Map<String, Object>) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken

OAuth2AuthorizationCodeGrantFilter - Class in org.springframework.security.oauth2.client.web

A Filter for the OAuth 2.0 Authorization Code Grant, which handles the processing of the OAuth 2.0 Authorization Response.

OAuth2AuthorizationCodeGrantFilter(ClientRegistrationRepository, OAuth2AuthorizedClientRepository, AuthenticationManager) - Constructor for class org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter

Constructs an OAuth2AuthorizationCodeGrantFilter using the provided parameters.

OAuth2AuthorizationCodeGrantRequest - Class in org.springframework.security.oauth2.client.endpoint

An OAuth 2.0 Authorization Code Grant request that holds an Authorization Code credential, which was granted by the Resource Owner to the Client.

OAuth2AuthorizationCodeGrantRequest(ClientRegistration, OAuth2AuthorizationExchange) - Constructor for class org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest

Constructs an OAuth2AuthorizationCodeGrantRequest using the provided parameters.

OAuth2AuthorizationCodeGrantRequestEntityConverter - Class in org.springframework.security.oauth2.client.endpoint

Deprecated.

Use DefaultOAuth2TokenRequestParametersConverter instead

OAuth2AuthorizationCodeGrantRequestEntityConverter() - Constructor for class org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequestEntityConverter

Deprecated.

OAuth2AuthorizationCodeGrantWebFilter - Class in org.springframework.security.oauth2.client.web.server

A Filter for the OAuth 2.0 Authorization Code Grant, which handles the processing of the OAuth 2.0 Authorization Response.

OAuth2AuthorizationCodeGrantWebFilter(ReactiveAuthenticationManager, ReactiveClientRegistrationRepository, ServerOAuth2AuthorizedClientRepository) - Constructor for class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationCodeGrantWebFilter

OAuth2AuthorizationCodeGrantWebFilter(ReactiveAuthenticationManager, ServerAuthenticationConverter, ServerOAuth2AuthorizedClientRepository) - Constructor for class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationCodeGrantWebFilter

OAuth2AuthorizationCodeReactiveAuthenticationManager - Class in org.springframework.security.oauth2.client.authentication

An implementation of an AuthenticationProvider for OAuth 2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow.

OAuth2AuthorizationCodeReactiveAuthenticationManager(ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeReactiveAuthenticationManager

OAuth2AuthorizationContext - Class in org.springframework.security.oauth2.client

A context that holds authorization-specific state and is used by an OAuth2AuthorizedClientProvider when attempting to authorize (or re-authorize) an OAuth 2.0 Client.

OAuth2AuthorizationContext.Builder - Class in org.springframework.security.oauth2.client

A builder for OAuth2AuthorizationContext.

OAuth2AuthorizationException - Exception in org.springframework.security.oauth2.core

Base exception for OAuth 2.0 Authorization errors.

OAuth2AuthorizationException(OAuth2Error) - Constructor for exception org.springframework.security.oauth2.core.OAuth2AuthorizationException

Constructs an OAuth2AuthorizationException using the provided parameters.

OAuth2AuthorizationException(OAuth2Error, String) - Constructor for exception org.springframework.security.oauth2.core.OAuth2AuthorizationException

Constructs an OAuth2AuthorizationException using the provided parameters.

OAuth2AuthorizationException(OAuth2Error, String, Throwable) - Constructor for exception org.springframework.security.oauth2.core.OAuth2AuthorizationException

Constructs an OAuth2AuthorizationException using the provided parameters.

OAuth2AuthorizationException(OAuth2Error, Throwable) - Constructor for exception org.springframework.security.oauth2.core.OAuth2AuthorizationException

Constructs an OAuth2AuthorizationException using the provided parameters.

OAuth2AuthorizationExchange - Class in org.springframework.security.oauth2.core.endpoint

An "exchange" of an OAuth 2.0 Authorization Request and Response for the authorization code grant type.

OAuth2AuthorizationExchange(OAuth2AuthorizationRequest, OAuth2AuthorizationResponse) - Constructor for class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange

Constructs a new OAuth2AuthorizationExchange with the provided Authorization Request and Authorization Response.

OAuth2AuthorizationFailureHandler - Interface in org.springframework.security.oauth2.client

Handles when an OAuth 2.0 Client fails to authorize (or re-authorize) via the Authorization Server or Resource Server.

OAuth2AuthorizationManagers - Class in org.springframework.security.oauth2.core.authorization

A convenience class for creating OAuth 2.0-specific AuthorizationManagers.

OAuth2AuthorizationRequest - Class in org.springframework.security.oauth2.core.endpoint

A representation of an OAuth 2.0 Authorization Request for the authorization code grant type.

OAuth2AuthorizationRequest.Builder - Class in org.springframework.security.oauth2.core.endpoint

A builder for OAuth2AuthorizationRequest.

OAuth2AuthorizationRequestCustomizers - Class in org.springframework.security.oauth2.client.web

A factory of customizers that customize the OAuth 2.0 Authorization Request via the OAuth2AuthorizationRequest.Builder.

OAuth2AuthorizationRequestRedirectFilter - Class in org.springframework.security.oauth2.client.web

This Filter initiates the authorization code grant flow by redirecting the End-User's user-agent to the Authorization Server's Authorization Endpoint.

OAuth2AuthorizationRequestRedirectFilter(ClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter

Constructs an OAuth2AuthorizationRequestRedirectFilter using the provided parameters.

OAuth2AuthorizationRequestRedirectFilter(ClientRegistrationRepository, String) - Constructor for class org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter

Constructs an OAuth2AuthorizationRequestRedirectFilter using the provided parameters.

OAuth2AuthorizationRequestRedirectFilter(OAuth2AuthorizationRequestResolver) - Constructor for class org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter

Constructs an OAuth2AuthorizationRequestRedirectFilter using the provided parameters.

OAuth2AuthorizationRequestRedirectWebFilter - Class in org.springframework.security.oauth2.client.web.server

This WebFilter initiates the authorization code grant flow by redirecting the End-User's user-agent to the Authorization Server's Authorization Endpoint.

OAuth2AuthorizationRequestRedirectWebFilter(ReactiveClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter

Constructs an OAuth2AuthorizationRequestRedirectFilter using the provided parameters.

OAuth2AuthorizationRequestRedirectWebFilter(ServerOAuth2AuthorizationRequestResolver) - Constructor for class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter

Constructs an OAuth2AuthorizationRequestRedirectFilter using the provided parameters.

OAuth2AuthorizationRequestResolver - Interface in org.springframework.security.oauth2.client.web

Implementations of this interface are capable of resolving an OAuth2AuthorizationRequest from the provided HttpServletRequest.

OAuth2AuthorizationResponse - Class in org.springframework.security.oauth2.core.endpoint

A representation of an OAuth 2.0 Authorization Response for the authorization code grant type.

OAuth2AuthorizationResponse.Builder - Class in org.springframework.security.oauth2.core.endpoint

A builder for OAuth2AuthorizationResponse.

OAuth2AuthorizationResponseType - Class in org.springframework.security.oauth2.core.endpoint

The response_type parameter is consumed by the authorization endpoint which is used by the authorization code grant type.

OAuth2AuthorizationResponseType(String) - Constructor for class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType

OAuth2AuthorizationSuccessHandler - Interface in org.springframework.security.oauth2.client

Handles when an OAuth 2.0 Client has been successfully authorized (or re-authorized) via the Authorization Server.

oauth2AuthorizedClient(OAuth2AuthorizedClient) - Static method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction

Modifies the ClientRequest.attributes() to include the OAuth2AuthorizedClient to be used for providing the Bearer Token.

oauth2AuthorizedClient(OAuth2AuthorizedClient) - Static method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction

Modifies the ClientRequest.attributes() to include the OAuth2AuthorizedClient to be used for providing the Bearer Token.

OAuth2AuthorizedClient - Class in org.springframework.security.oauth2.client

A representation of an OAuth 2.0 "Authorized Client".

OAuth2AuthorizedClient(ClientRegistration, String, OAuth2AccessToken) - Constructor for class org.springframework.security.oauth2.client.OAuth2AuthorizedClient

Constructs an OAuth2AuthorizedClient using the provided parameters.

OAuth2AuthorizedClient(ClientRegistration, String, OAuth2AccessToken, OAuth2RefreshToken) - Constructor for class org.springframework.security.oauth2.client.OAuth2AuthorizedClient

Constructs an OAuth2AuthorizedClient using the provided parameters.

OAuth2AuthorizedClientArgumentResolver - Class in org.springframework.security.oauth2.client.web.method.annotation

An implementation of a HandlerMethodArgumentResolver that is capable of resolving a method parameter to an argument value of type OAuth2AuthorizedClient.

OAuth2AuthorizedClientArgumentResolver - Class in org.springframework.security.oauth2.client.web.reactive.result.method.annotation

An implementation of a HandlerMethodArgumentResolver that is capable of resolving a method parameter to an argument value of type OAuth2AuthorizedClient.

OAuth2AuthorizedClientArgumentResolver(OAuth2AuthorizedClientManager) - Constructor for class org.springframework.security.oauth2.client.web.method.annotation.OAuth2AuthorizedClientArgumentResolver

Constructs an OAuth2AuthorizedClientArgumentResolver using the provided parameters.

OAuth2AuthorizedClientArgumentResolver(ReactiveOAuth2AuthorizedClientManager) - Constructor for class org.springframework.security.oauth2.client.web.reactive.result.method.annotation.OAuth2AuthorizedClientArgumentResolver

Constructs an OAuth2AuthorizedClientArgumentResolver using the provided parameters.

OAuth2AuthorizedClientArgumentResolver(ClientRegistrationRepository, OAuth2AuthorizedClientRepository) - Constructor for class org.springframework.security.oauth2.client.web.method.annotation.OAuth2AuthorizedClientArgumentResolver

Constructs an OAuth2AuthorizedClientArgumentResolver using the provided parameters.

OAuth2AuthorizedClientArgumentResolver(ReactiveClientRegistrationRepository, ServerOAuth2AuthorizedClientRepository) - Constructor for class org.springframework.security.oauth2.client.web.reactive.result.method.annotation.OAuth2AuthorizedClientArgumentResolver

Constructs an OAuth2AuthorizedClientArgumentResolver using the provided parameters.

OAuth2AuthorizedClientHolder(String, String, OAuth2AccessToken, OAuth2RefreshToken) - Constructor for class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder

Constructs an OAuth2AuthorizedClientHolder using the provided parameters.

OAuth2AuthorizedClientHolder(OAuth2AuthorizedClient, Authentication) - Constructor for class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder

Constructs an OAuth2AuthorizedClientHolder using the provided parameters.

OAuth2AuthorizedClientHolder(OAuth2AuthorizedClient, Authentication) - Constructor for class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder

Constructs an OAuth2AuthorizedClientHolder using the provided parameters.

OAuth2AuthorizedClientId - Class in org.springframework.security.oauth2.client

The identifier for OAuth2AuthorizedClient.

OAuth2AuthorizedClientId(String, String) - Constructor for class org.springframework.security.oauth2.client.OAuth2AuthorizedClientId

Constructs an OAuth2AuthorizedClientId using the provided parameters.

OAuth2AuthorizedClientManager - Interface in org.springframework.security.oauth2.client

Implementations of this interface are responsible for the overall management of Authorized Client(s).

OAuth2AuthorizedClientParametersMapper() - Constructor for class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper

OAuth2AuthorizedClientParametersMapper() - Constructor for class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper

OAuth2AuthorizedClientProvider - Interface in org.springframework.security.oauth2.client

A strategy for authorizing (or re-authorizing) an OAuth 2.0 Client.

OAuth2AuthorizedClientProviderBuilder - Class in org.springframework.security.oauth2.client

A builder that builds a DelegatingOAuth2AuthorizedClientProvider composed of one or more OAuth2AuthorizedClientProvider(s) that implement specific authorization grants.

OAuth2AuthorizedClientProviderBuilder.AuthorizationCodeGrantBuilder - Class in org.springframework.security.oauth2.client

A builder for the authorization_code grant.

OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder - Class in org.springframework.security.oauth2.client

A builder for the client_credentials grant.

OAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder - Class in org.springframework.security.oauth2.client

A builder for the password grant.

OAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder - Class in org.springframework.security.oauth2.client

A builder for the refresh_token grant.

OAuth2AuthorizedClientRepository - Interface in org.springframework.security.oauth2.client.web

Implementations of this interface are responsible for the persistence of Authorized Client(s) between requests.

OAuth2AuthorizedClientRowMapper() - Constructor for class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper

OAuth2AuthorizedClientRowMapper(ClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper

OAuth2AuthorizedClientService - Interface in org.springframework.security.oauth2.client

Implementations of this interface are responsible for the management of Authorized Client(s), which provide the purpose of associating an Access Token credential to a Client and Resource Owner, who is the Principal that originally granted the authorization.

OAuth2AuthorizeRequest - Class in org.springframework.security.oauth2.client

Represents a request the OAuth2AuthorizedClientManager uses to authorize (or re-authorize) the client identified by the provided clientRegistrationId.

OAuth2AuthorizeRequest.Builder - Class in org.springframework.security.oauth2.client

A builder for OAuth2AuthorizeRequest.

OAuth2BodyExtractors - Class in org.springframework.security.oauth2.core.web.reactive.function

Static factory methods for OAuth2 BodyExtractor implementations.

oauth2Client() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HttpSecurity.oauth2Client(Customizer) or oauth2Client(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

oauth2Client() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.oauth2Client(Customizer) or oauth2Client(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

oauth2Client() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors

Establish an OAuth2AuthorizedClient in the session.

oauth2Client(String) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors

Establish an OAuth2AuthorizedClient in the session.

oauth2Client(Customizer<OAuth2ClientConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configures OAuth 2.0 Client support.

oauth2Client(Customizer<ServerHttpSecurity.OAuth2ClientSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures the OAuth2 client.

OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>> - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client

An AbstractHttpConfigurer for OAuth 2.0 Client support.

OAuth2ClientConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer

OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client

Configuration options for the OAuth 2.0 Authorization Code Grant.

OAuth2ClientCredentialsGrantRequest - Class in org.springframework.security.oauth2.client.endpoint

An OAuth 2.0 Client Credentials Grant request that holds the client's credentials in AbstractOAuth2AuthorizationGrantRequest.getClientRegistration().

OAuth2ClientCredentialsGrantRequest(ClientRegistration) - Constructor for class org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest

Constructs an OAuth2ClientCredentialsGrantRequest using the provided parameters.

OAuth2ClientCredentialsGrantRequestEntityConverter - Class in org.springframework.security.oauth2.client.endpoint

Deprecated.

Use DefaultOAuth2TokenRequestParametersConverter instead

OAuth2ClientCredentialsGrantRequestEntityConverter() - Constructor for class org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequestEntityConverter

Deprecated.

OAuth2ClientHttpRequestInterceptor - Class in org.springframework.security.oauth2.client.web.client

Provides an easy mechanism for using an OAuth2AuthorizedClient to make OAuth 2.0 requests by including the access token as a bearer token.

OAuth2ClientHttpRequestInterceptor(OAuth2AuthorizedClientManager) - Constructor for class org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor

Constructs a OAuth2ClientHttpRequestInterceptor using the provided parameters.

OAuth2ClientHttpRequestInterceptor.ClientRegistrationIdResolver - Interface in org.springframework.security.oauth2.client.web.client

A strategy for resolving a clientRegistrationId from an intercepted request.

OAuth2ClientHttpRequestInterceptor.PrincipalResolver - Interface in org.springframework.security.oauth2.client.web.client

A strategy for resolving a principal from an intercepted request.

OAuth2ClientJackson2Module - Class in org.springframework.security.oauth2.client.jackson2

Jackson Module for spring-security-oauth2-client, that registers the following mix-in annotations: OAuth2AuthorizationRequestMixin ClientRegistrationMixin OAuth2AccessTokenMixin OAuth2RefreshTokenMixin OAuth2AuthorizedClientMixin OAuth2UserAuthorityMixin DefaultOAuth2UserMixin OidcIdTokenMixin OidcUserInfoMixin OidcUserAuthorityMixin DefaultOidcUserMixin OAuth2AuthenticationTokenMixin OAuth2AuthenticationExceptionMixin OAuth2ErrorMixin If not already enabled, default typing will be automatically enabled as type info is required to properly serialize/deserialize objects.

OAuth2ClientJackson2Module() - Constructor for class org.springframework.security.oauth2.client.jackson2.OAuth2ClientJackson2Module

oauth2Configuration() - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction

Configures the builder with ServletOAuth2AuthorizedClientExchangeFilterFunction.defaultRequest() and adds this as a ExchangeFilterFunction

OAuth2DeviceAuthorizationResponse - Class in org.springframework.security.oauth2.core.endpoint

A representation of an OAuth 2.0 Device Authorization Response.

OAuth2DeviceAuthorizationResponse.Builder - Class in org.springframework.security.oauth2.core.endpoint

A builder for OAuth2DeviceAuthorizationResponse.

OAuth2DeviceAuthorizationResponseHttpMessageConverter - Class in org.springframework.security.oauth2.core.http.converter

A HttpMessageConverter for an OAuth 2.0 Device Authorization Response.

OAuth2DeviceAuthorizationResponseHttpMessageConverter() - Constructor for class org.springframework.security.oauth2.core.http.converter.OAuth2DeviceAuthorizationResponseHttpMessageConverter

OAuth2DeviceCode - Class in org.springframework.security.oauth2.core

An implementation of an AbstractOAuth2Token representing a device code as part of the OAuth 2.0 Device Authorization Grant.

OAuth2DeviceCode(String, Instant, Instant) - Constructor for class org.springframework.security.oauth2.core.OAuth2DeviceCode

Constructs an OAuth2DeviceCode using the provided parameters.

OAuth2Error - Class in org.springframework.security.oauth2.core

A representation of an OAuth 2.0 Error.

OAuth2Error(String) - Constructor for class org.springframework.security.oauth2.core.OAuth2Error

Constructs an OAuth2Error using the provided parameters.

OAuth2Error(String, String, String) - Constructor for class org.springframework.security.oauth2.core.OAuth2Error

Constructs an OAuth2Error using the provided parameters.

OAuth2ErrorCodes - Class in org.springframework.security.oauth2.core

Standard error codes defined by the OAuth 2.0 Authorization Framework.

OAuth2ErrorHttpMessageConverter - Class in org.springframework.security.oauth2.core.http.converter

A HttpMessageConverter for an OAuth 2.0 Error.

OAuth2ErrorHttpMessageConverter() - Constructor for class org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter

OAuth2ErrorResponseErrorHandler - Class in org.springframework.security.oauth2.client.http

A ResponseErrorHandler that handles an OAuth 2.0 Error.

OAuth2ErrorResponseErrorHandler() - Constructor for class org.springframework.security.oauth2.client.http.OAuth2ErrorResponseErrorHandler

OAuth2IntrospectionAuthenticatedPrincipal - Class in org.springframework.security.oauth2.server.resource.introspection

A domain object that wraps the attributes of OAuth 2.0 Token Introspection.

OAuth2IntrospectionAuthenticatedPrincipal(String, Map<String, Object>, Collection<GrantedAuthority>) - Constructor for class org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal

Constructs an OAuth2IntrospectionAuthenticatedPrincipal using the provided parameters.

OAuth2IntrospectionAuthenticatedPrincipal(Map<String, Object>, Collection<GrantedAuthority>) - Constructor for class org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal

Constructs an OAuth2IntrospectionAuthenticatedPrincipal using the provided parameters.

OAuth2IntrospectionException - Exception in org.springframework.security.oauth2.server.resource.introspection

Base exception for all OAuth 2.0 Introspection related errors

OAuth2IntrospectionException(String) - Constructor for exception org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionException

OAuth2IntrospectionException(String, Throwable) - Constructor for exception org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionException

oauth2Login() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HttpSecurity.oauth2Login(Customizer) or oauth2Login(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

oauth2Login() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.oauth2Login(Customizer) or oauth2Login(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

oauth2Login() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors

Establish a SecurityContext that has a OAuth2AuthenticationToken for the Authentication, a OAuth2User as the principal, and a OAuth2AuthorizedClient in the session.

oauth2Login(Customizer<OAuth2LoginConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0 Provider.

oauth2Login(Customizer<ServerHttpSecurity.OAuth2LoginSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0 Provider.

OAuth2LoginAuthenticationFilter - Class in org.springframework.security.oauth2.client.web

An implementation of an AbstractAuthenticationProcessingFilter for OAuth 2.0 Login.

OAuth2LoginAuthenticationFilter(ClientRegistrationRepository, OAuth2AuthorizedClientService) - Constructor for class org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter

Constructs an OAuth2LoginAuthenticationFilter using the provided parameters.

OAuth2LoginAuthenticationFilter(ClientRegistrationRepository, OAuth2AuthorizedClientService, String) - Constructor for class org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter

Constructs an OAuth2LoginAuthenticationFilter using the provided parameters.

OAuth2LoginAuthenticationFilter(ClientRegistrationRepository, OAuth2AuthorizedClientRepository, String) - Constructor for class org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter

Constructs an OAuth2LoginAuthenticationFilter using the provided parameters.

OAuth2LoginAuthenticationProvider - Class in org.springframework.security.oauth2.client.authentication

An implementation of an AuthenticationProvider for OAuth 2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow.

OAuth2LoginAuthenticationProvider(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>, OAuth2UserService<OAuth2UserRequest, OAuth2User>) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider

Constructs an OAuth2LoginAuthenticationProvider using the provided parameters.

OAuth2LoginAuthenticationToken - Class in org.springframework.security.oauth2.client.authentication

An AbstractAuthenticationToken for OAuth 2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow.

OAuth2LoginAuthenticationToken(ClientRegistration, OAuth2AuthorizationExchange) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken

This constructor should be used when the Authorization Request/Response is complete.

OAuth2LoginAuthenticationToken(ClientRegistration, OAuth2AuthorizationExchange, OAuth2User, Collection<? extends GrantedAuthority>, OAuth2AccessToken) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken

This constructor should be used when the Access Token Request/Response is complete, which indicates that the Authorization Code Grant flow has fully completed and OAuth 2.0 Login has been achieved.

OAuth2LoginAuthenticationToken(ClientRegistration, OAuth2AuthorizationExchange, OAuth2User, Collection<? extends GrantedAuthority>, OAuth2AccessToken, OAuth2RefreshToken) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken

This constructor should be used when the Access Token Request/Response is complete, which indicates that the Authorization Code Grant flow has fully completed and OAuth 2.0 Login has been achieved.

OAuth2LoginAuthenticationWebFilter - Class in org.springframework.security.oauth2.client.web.server.authentication

A specialized AuthenticationWebFilter that converts from an OAuth2LoginAuthenticationToken to an OAuth2AuthenticationToken and saves the OAuth2AuthorizedClient

OAuth2LoginAuthenticationWebFilter(ReactiveAuthenticationManager, ServerOAuth2AuthorizedClientRepository) - Constructor for class org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter

Creates an instance

OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client

An AbstractHttpConfigurer for OAuth 2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow.

OAuth2LoginConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

OAuth2LoginConfigurer.AuthorizationEndpointConfig - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client

Configuration options for the Authorization Server's Authorization Endpoint.

OAuth2LoginConfigurer.RedirectionEndpointConfig - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client

Configuration options for the Client's Redirection Endpoint.

OAuth2LoginConfigurer.TokenEndpointConfig - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client

Configuration options for the Authorization Server's Token Endpoint.

OAuth2LoginConfigurer.UserInfoEndpointConfig - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client

Configuration options for the Authorization Server's UserInfo Endpoint.

OAuth2LoginReactiveAuthenticationManager - Class in org.springframework.security.oauth2.client.authentication

An implementation of an AuthenticationProvider for OAuth 2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow.

OAuth2LoginReactiveAuthenticationManager(ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>, ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User>) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2LoginReactiveAuthenticationManager

OAuth2ParameterNames - Class in org.springframework.security.oauth2.core.endpoint

Standard and custom (non-standard) parameter names defined in the OAuth Parameters Registry and used by the authorization endpoint, token endpoint and token revocation endpoint.

OAuth2PasswordGrantRequest - Class in org.springframework.security.oauth2.client.endpoint

Deprecated.

The latest OAuth 2.0 Security Best Current Practice disallows the use of the Resource Owner Password Credentials grant. See reference OAuth 2.0 Security Best Current Practice.

OAuth2PasswordGrantRequest(ClientRegistration, String, String) - Constructor for class org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequest

Deprecated.

Constructs an OAuth2PasswordGrantRequest using the provided parameters.

OAuth2PasswordGrantRequestEntityConverter - Class in org.springframework.security.oauth2.client.endpoint

Deprecated.

Use DefaultOAuth2TokenRequestParametersConverter instead

OAuth2PasswordGrantRequestEntityConverter() - Constructor for class org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequestEntityConverter

Deprecated.

OAuth2ReactiveAuthorizationManagers - Class in org.springframework.security.oauth2.core.authorization

A convenience class for creating OAuth 2.0-specific AuthorizationManagers.

OAuth2RefreshToken - Class in org.springframework.security.oauth2.core

An implementation of an AbstractOAuth2Token representing an OAuth 2.0 Refresh Token.

OAuth2RefreshToken(String, Instant) - Constructor for class org.springframework.security.oauth2.core.OAuth2RefreshToken

Constructs an OAuth2RefreshToken using the provided parameters.

OAuth2RefreshToken(String, Instant, Instant) - Constructor for class org.springframework.security.oauth2.core.OAuth2RefreshToken

Constructs an OAuth2RefreshToken using the provided parameters.

OAuth2RefreshTokenGrantRequest - Class in org.springframework.security.oauth2.client.endpoint

An OAuth 2.0 Refresh Token Grant request that holds the refresh token credential granted to the client.

OAuth2RefreshTokenGrantRequest(ClientRegistration, OAuth2AccessToken, OAuth2RefreshToken) - Constructor for class org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequest

Constructs an OAuth2RefreshTokenGrantRequest using the provided parameters.

OAuth2RefreshTokenGrantRequest(ClientRegistration, OAuth2AccessToken, OAuth2RefreshToken, Set<String>) - Constructor for class org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequest

Constructs an OAuth2RefreshTokenGrantRequest using the provided parameters.

OAuth2RefreshTokenGrantRequestEntityConverter - Class in org.springframework.security.oauth2.client.endpoint

Deprecated.

Use DefaultOAuth2TokenRequestParametersConverter instead

OAuth2RefreshTokenGrantRequestEntityConverter() - Constructor for class org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequestEntityConverter

Deprecated.

oauth2ResourceServer() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HttpSecurity.oauth2ResourceServer(Customizer) instead

oauth2ResourceServer() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.oauth2ResourceServer(Customizer) instead

oauth2ResourceServer(Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configures OAuth 2.0 Resource Server support.

oauth2ResourceServer(Customizer<ServerHttpSecurity.OAuth2ResourceServerSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures OAuth 2.0 Resource Server support.

OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.resource

An AbstractHttpConfigurer for OAuth 2.0 Resource Server Support.

OAuth2ResourceServerConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer

OAuth2ResourceServerConfigurer.JwtConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.resource

OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.resource

OAuth2ResourceServerSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec

OAuth2Token - Interface in org.springframework.security.oauth2.core

Core interface representing an OAuth 2.0 Token.

OAuth2TokenIntrospectionClaimAccessor - Interface in org.springframework.security.oauth2.core

A ClaimAccessor for the "claims" that may be contained in the Introspection Response.

OAuth2TokenIntrospectionClaimNames - Class in org.springframework.security.oauth2.core

The names of the "Introspection Claims" defined by an Introspection Response.

OAuth2TokenValidator<T extends OAuth2Token> - Interface in org.springframework.security.oauth2.core

Implementations of this interface are responsible for "verifying" the validity and/or constraints of the attributes contained in an OAuth 2.0 Token.

OAuth2TokenValidatorResult - Class in org.springframework.security.oauth2.core

A result emitted from an OAuth2TokenValidator validation attempt

oauth2User(OAuth2User) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator

Use the provided OAuth2User as the authenticated user.

oauth2User(OAuth2User) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor

Use the provided OAuth2User as the authenticated user.

OAuth2User - Interface in org.springframework.security.oauth2.core.user

A representation of a user Principal that is registered with an OAuth 2.0 Provider.

OAuth2UserAuthority - Class in org.springframework.security.oauth2.core.user

A GrantedAuthority that may be associated to an OAuth2User.

OAuth2UserAuthority(String, Map<String, Object>) - Constructor for class org.springframework.security.oauth2.core.user.OAuth2UserAuthority

Constructs a OAuth2UserAuthority using the provided parameters.

OAuth2UserAuthority(String, Map<String, Object>, String) - Constructor for class org.springframework.security.oauth2.core.user.OAuth2UserAuthority

Constructs a OAuth2UserAuthority using the provided parameters.

OAuth2UserAuthority(Map<String, Object>) - Constructor for class org.springframework.security.oauth2.core.user.OAuth2UserAuthority

Constructs a OAuth2UserAuthority using the provided parameters and defaults OAuth2UserAuthority.getAuthority() to OAUTH2_USER.

OAuth2UserAuthority(Map<String, Object>, String) - Constructor for class org.springframework.security.oauth2.core.user.OAuth2UserAuthority

Constructs a OAuth2UserAuthority using the provided parameters and defaults OAuth2UserAuthority.getAuthority() to OAUTH2_USER.

OAuth2UserCode - Class in org.springframework.security.oauth2.core

An implementation of an AbstractOAuth2Token representing a user code as part of the OAuth 2.0 Device Authorization Grant.

OAuth2UserCode(String, Instant, Instant) - Constructor for class org.springframework.security.oauth2.core.OAuth2UserCode

Constructs an OAuth2UserCode using the provided parameters.

OAuth2UserRequest - Class in org.springframework.security.oauth2.client.userinfo

Represents a request the OAuth2UserService uses when initiating a request to the UserInfo Endpoint.

OAuth2UserRequest(ClientRegistration, OAuth2AccessToken) - Constructor for class org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest

Constructs an OAuth2UserRequest using the provided parameters.

OAuth2UserRequest(ClientRegistration, OAuth2AccessToken, Map<String, Object>) - Constructor for class org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest

Constructs an OAuth2UserRequest using the provided parameters.

OAuth2UserRequestEntityConverter - Class in org.springframework.security.oauth2.client.userinfo

A Converter that converts the provided OAuth2UserRequest to a RequestEntity representation of a request for the UserInfo Endpoint.

OAuth2UserRequestEntityConverter() - Constructor for class org.springframework.security.oauth2.client.userinfo.OAuth2UserRequestEntityConverter

OAuth2UserService<R extends OAuth2UserRequest,U extends OAuth2User> - Interface in org.springframework.security.oauth2.client.userinfo

Implementations of this interface are responsible for obtaining the user attributes of the End-User (Resource Owner) from the UserInfo Endpoint using the Access Token granted to the Client and returning an AuthenticatedPrincipal in the form of an OAuth2User.

ObjectIdentity - Interface in org.springframework.security.acls.model

Represents the identity of an individual domain object instance.

ObjectIdentityGenerator - Interface in org.springframework.security.acls.model

Strategy which creates an ObjectIdentity from an object identifier (such as a primary key) and type information.

ObjectIdentityImpl - Class in org.springframework.security.acls.domain

Simple implementation of ObjectIdentity.

ObjectIdentityImpl(Class<?>, Serializable) - Constructor for class org.springframework.security.acls.domain.ObjectIdentityImpl

Constructor which uses the name of the supplied class as the type property.

ObjectIdentityImpl(Object) - Constructor for class org.springframework.security.acls.domain.ObjectIdentityImpl

Creates the ObjectIdentityImpl based on the passed object instance.

ObjectIdentityImpl(String, Serializable) - Constructor for class org.springframework.security.acls.domain.ObjectIdentityImpl

objectIdentityRetrievalStrategy - Variable in class org.springframework.security.acls.afterinvocation.AbstractAclProvider

ObjectIdentityRetrievalStrategy - Interface in org.springframework.security.acls.model

Strategy interface that provides the ability to determine which ObjectIdentity will be returned for a particular domain object

ObjectIdentityRetrievalStrategyImpl - Class in org.springframework.security.acls.domain

Basic implementation of ObjectIdentityRetrievalStrategy and ObjectIdentityGenerator that uses the constructors of ObjectIdentityImpl to create the ObjectIdentity.

ObjectIdentityRetrievalStrategyImpl() - Constructor for class org.springframework.security.acls.domain.ObjectIdentityRetrievalStrategyImpl

objectPostProcessor(AutowireCapableBeanFactory) - Method in class org.springframework.security.config.annotation.configuration.ObjectPostProcessorConfiguration

objectPostProcessor(ObjectPostProcessor<Object>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Specifies the ObjectPostProcessor to use.

ObjectPostProcessor<T> - Interface in org.springframework.security.config.annotation

Deprecated.

please use ObjectPostProcessor instead

ObjectPostProcessor<T> - Interface in org.springframework.security.config

Allows initialization of Objects.

ObjectPostProcessorConfiguration - Class in org.springframework.security.config.annotation.configuration

Spring Configuration that exports the default ObjectPostProcessor.

ObjectPostProcessorConfiguration() - Constructor for class org.springframework.security.config.annotation.configuration.ObjectPostProcessorConfiguration

ObservationAuthenticationManager - Class in org.springframework.security.authentication

An AuthenticationManager that observes the authentication

ObservationAuthenticationManager(ObservationRegistry, AuthenticationManager) - Constructor for class org.springframework.security.authentication.ObservationAuthenticationManager

ObservationAuthorizationManager<T> - Class in org.springframework.security.authorization

An AuthorizationManager that observes the authorization

ObservationAuthorizationManager(ObservationRegistry, AuthorizationManager<T>) - Constructor for class org.springframework.security.authorization.ObservationAuthorizationManager

ObservationFilterChainDecorator - Class in org.springframework.security.web

A FilterChainProxy.FilterChainDecorator that wraps the chain in before and after observations

ObservationFilterChainDecorator(ObservationRegistry) - Constructor for class org.springframework.security.web.ObservationFilterChainDecorator

ObservationMarkingAccessDeniedHandler - Class in org.springframework.security.web.access

ObservationMarkingAccessDeniedHandler(ObservationRegistry) - Constructor for class org.springframework.security.web.access.ObservationMarkingAccessDeniedHandler

ObservationMarkingRequestRejectedHandler - Class in org.springframework.security.web.firewall

ObservationMarkingRequestRejectedHandler(ObservationRegistry) - Constructor for class org.springframework.security.web.firewall.ObservationMarkingRequestRejectedHandler

ObservationReactiveAuthenticationManager - Class in org.springframework.security.authentication

An ReactiveAuthenticationManager that observes the authentication

ObservationReactiveAuthenticationManager(ObservationRegistry, ReactiveAuthenticationManager) - Constructor for class org.springframework.security.authentication.ObservationReactiveAuthenticationManager

ObservationReactiveAuthorizationManager<T> - Class in org.springframework.security.authorization

An ReactiveAuthorizationManager that observes the authentication

ObservationReactiveAuthorizationManager(ObservationRegistry, ReactiveAuthorizationManager<T>) - Constructor for class org.springframework.security.authorization.ObservationReactiveAuthorizationManager

ObservationSecurityContextChangedListener - Class in org.springframework.security.core.context

A SecurityContextChangedListener that adds events to an existing Observation If no Observation is present when an event is fired, then the event is unrecorded.

ObservationSecurityContextChangedListener(ObservationRegistry) - Constructor for class org.springframework.security.core.context.ObservationSecurityContextChangedListener

Create a ObservationSecurityContextChangedListener

ObservationWebFilterChainDecorator - Class in org.springframework.security.web.server

A WebFilterChainProxy.WebFilterChainDecorator that wraps the chain in before and after observations

ObservationWebFilterChainDecorator(ObservationRegistry) - Constructor for class org.springframework.security.web.server.ObservationWebFilterChainDecorator

obtainArtifact(HttpServletRequest) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter

If present, gets the artifact (CAS ticket) from the HttpServletRequest.

obtainPassword(HttpServletRequest) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

Enables subclasses to override the composition of the password, such as by including additional values and a separator.

obtainSecurityMetadataSource() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor

Deprecated.

obtainSecurityMetadataSource() - Method in class org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor

Deprecated.

obtainSecurityMetadataSource() - Method in class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor

Deprecated.

obtainSecurityMetadataSource() - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor

Deprecated.

obtainSubject(ServletRequest) - Method in class org.springframework.security.web.jaasapi.JaasApiIntegrationFilter

Obtains the Subject to run as or null if no Subject is available.

obtainUsername(HttpServletRequest) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

Enables subclasses to override the composition of the username, such as by including additional values and a separator.

of(int) - Static method in interface org.springframework.security.web.server.authentication.SessionLimit

Creates a SessionLimit that always returns the given value for any user

of(AuthorizationAdvisorProxyFactory.TargetVisitor...) - Static method in interface org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory.TargetVisitor

Compose a set of visitors.

offset() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity

Indicate additional offset in the ordering of the execution of the security interceptors when multiple advices are applied at a specific joinpoint.

OID - Static variable in class org.springframework.security.ldap.ppolicy.PasswordPolicyControl

OID of the Password Policy Control

OidcAuthorizationCodeAuthenticationProvider - Class in org.springframework.security.oauth2.client.oidc.authentication

An implementation of an AuthenticationProvider for the OpenID Connect Core 1.0 Authorization Code Grant Flow.

OidcAuthorizationCodeAuthenticationProvider(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>, OAuth2UserService<OidcUserRequest, OidcUser>) - Constructor for class org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider

Constructs an OidcAuthorizationCodeAuthenticationProvider using the provided parameters.

OidcAuthorizationCodeReactiveAuthenticationManager - Class in org.springframework.security.oauth2.client.oidc.authentication

An implementation of an AuthenticationProvider for OAuth 2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow.

OidcAuthorizationCodeReactiveAuthenticationManager(ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>, ReactiveOAuth2UserService<OidcUserRequest, OidcUser>) - Constructor for class org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeReactiveAuthenticationManager

OidcBackChannelLogoutHandler - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client

A LogoutHandler that locates the sessions associated with a given OIDC Back-Channel Logout Token and invalidates each one.

OidcBackChannelLogoutHandler(OidcSessionRegistry) - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcBackChannelLogoutHandler

OidcBackChannelServerLogoutHandler - Class in org.springframework.security.config.web.server

A ServerLogoutHandler that locates the sessions associated with a given OIDC Back-Channel Logout Token and invalidates each one.

OidcBackChannelServerLogoutHandler(ReactiveOidcSessionRegistry) - Constructor for class org.springframework.security.config.web.server.OidcBackChannelServerLogoutHandler

OidcClientInitiatedLogoutSuccessHandler - Class in org.springframework.security.oauth2.client.oidc.web.logout

A logout success handler for initiating OIDC logout through the user agent.

OidcClientInitiatedLogoutSuccessHandler(ClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler

OidcClientInitiatedServerLogoutSuccessHandler - Class in org.springframework.security.oauth2.client.oidc.web.server.logout

A reactive logout success handler for initiating OIDC logout through the user agent.

OidcClientInitiatedServerLogoutSuccessHandler(ReactiveClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.oidc.web.server.logout.OidcClientInitiatedServerLogoutSuccessHandler

Constructs an OidcClientInitiatedServerLogoutSuccessHandler with the provided parameters

OidcIdToken - Class in org.springframework.security.oauth2.core.oidc

An implementation of an AbstractOAuth2Token representing an OpenID Connect Core 1.0 ID Token.

OidcIdToken(String, Instant, Instant, Map<String, Object>) - Constructor for class org.springframework.security.oauth2.core.oidc.OidcIdToken

Constructs a OidcIdToken using the provided parameters.

OidcIdToken.Builder - Class in org.springframework.security.oauth2.core.oidc

A builder for OidcIdTokens

OidcIdTokenDecoderFactory - Class in org.springframework.security.oauth2.client.oidc.authentication

A factory that provides a JwtDecoder used for OidcIdToken signature verification.

OidcIdTokenDecoderFactory() - Constructor for class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory

OidcIdTokenValidator - Class in org.springframework.security.oauth2.client.oidc.authentication

An OAuth2TokenValidator responsible for validating the claims in an ID Token.

OidcIdTokenValidator(ClientRegistration) - Constructor for class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenValidator

oidcLogin() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors

Establish a SecurityContext that has a OAuth2AuthenticationToken for the Authentication, a OidcUser as the principal, and a OAuth2AuthorizedClient in the session.

oidcLogout() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

oidcLogout(Customizer<OidcLogoutConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

oidcLogout(Customizer<ServerHttpSecurity.OidcLogoutSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures OIDC Connect 1.0 Logout support.

OidcLogoutConfigurer<B extends HttpSecurityBuilder<B>> - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client

An AbstractHttpConfigurer for OIDC Logout flows

OidcLogoutConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer

OidcLogoutConfigurer.BackChannelLogoutConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client

A configurer for configuring OIDC Back-Channel Logout

OidcLogoutSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec

OidcLogoutToken - Class in org.springframework.security.oauth2.client.oidc.authentication.logout

An implementation of an AbstractOAuth2Token representing an OpenID Backchannel Logout Token.

OidcLogoutToken.Builder - Class in org.springframework.security.oauth2.client.oidc.authentication.logout

A builder for OidcLogoutTokens

OidcParameterNames - Class in org.springframework.security.oauth2.core.oidc.endpoint

Standard parameter names defined in the OAuth Parameters Registry and used by the authorization endpoint and token endpoint.

OidcReactiveOAuth2UserService - Class in org.springframework.security.oauth2.client.oidc.userinfo

An implementation of an ReactiveOAuth2UserService that supports OpenID Connect 1.0 Provider's.

OidcReactiveOAuth2UserService() - Constructor for class org.springframework.security.oauth2.client.oidc.userinfo.OidcReactiveOAuth2UserService

OidcScopes - Class in org.springframework.security.oauth2.core.oidc

The scope values defined by the OpenID Connect Core 1.0 specification that can be used to request claims.

OidcSessionInformation - Class in org.springframework.security.oauth2.client.oidc.session

A SessionInformation extension that enforces the principal be of type OidcUser.

OidcSessionInformation(String, Map<String, String>, OidcUser) - Constructor for class org.springframework.security.oauth2.client.oidc.session.OidcSessionInformation

Construct an OidcSessionInformation

oidcSessionRegistry(ReactiveOidcSessionRegistry) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec

Configures the ReactiveOidcSessionRegistry to use when logins use OIDC.

oidcSessionRegistry(ReactiveOidcSessionRegistry) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec

Configures the ReactiveOidcSessionRegistry.

oidcSessionRegistry(OidcSessionRegistry) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

Sets the registry for managing the OIDC client-provider session link

oidcSessionRegistry(OidcSessionRegistry) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer

Sets the registry for managing the OIDC client-provider session link

OidcSessionRegistry - Interface in org.springframework.security.oauth2.client.oidc.session

A registry to record the tie between the OIDC Provider session and the Client session.

oidcUser(OidcUser) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator

Use the provided OidcUser as the authenticated user.

oidcUser(OidcUser) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor

Use the provided OidcUser as the authenticated user.

OidcUser - Interface in org.springframework.security.oauth2.core.oidc.user

A representation of a user Principal that is registered with an OpenID Connect 1.0 Provider.

OidcUserAuthority - Class in org.springframework.security.oauth2.core.oidc.user

A GrantedAuthority that may be associated to an OidcUser.

OidcUserAuthority(String, OidcIdToken, OidcUserInfo) - Constructor for class org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority

Constructs a OidcUserAuthority using the provided parameters.

OidcUserAuthority(String, OidcIdToken, OidcUserInfo, String) - Constructor for class org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority

Constructs a OidcUserAuthority using the provided parameters.

OidcUserAuthority(OidcIdToken) - Constructor for class org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority

Constructs a OidcUserAuthority using the provided parameters.

OidcUserAuthority(OidcIdToken, OidcUserInfo) - Constructor for class org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority

Constructs a OidcUserAuthority using the provided parameters and defaults OAuth2UserAuthority.getAuthority() to OIDC_USER.

OidcUserAuthority(OidcIdToken, OidcUserInfo, String) - Constructor for class org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority

Constructs a OidcUserAuthority using the provided parameters and defaults OAuth2UserAuthority.getAuthority() to OIDC_USER.

OidcUserInfo - Class in org.springframework.security.oauth2.core.oidc

A representation of a UserInfo Response that is returned from the OAuth 2.0 Protected Resource UserInfo Endpoint.

OidcUserInfo(Map<String, Object>) - Constructor for class org.springframework.security.oauth2.core.oidc.OidcUserInfo

Constructs a OidcUserInfo using the provided parameters.

OidcUserInfo.Builder - Class in org.springframework.security.oauth2.core.oidc

A builder for OidcUserInfos

OidcUserRequest - Class in org.springframework.security.oauth2.client.oidc.userinfo

Represents a request the OidcUserService uses when initiating a request to the UserInfo Endpoint.

OidcUserRequest(ClientRegistration, OAuth2AccessToken, OidcIdToken) - Constructor for class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest

Constructs an OidcUserRequest using the provided parameters.

OidcUserRequest(ClientRegistration, OAuth2AccessToken, OidcIdToken, Map<String, Object>) - Constructor for class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest

Constructs an OidcUserRequest using the provided parameters.

oidcUserService(OAuth2UserService<OidcUserRequest, OidcUser>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig

Sets the OpenID Connect 1.0 service used for obtaining the user attributes of the End-User from the UserInfo Endpoint.

OidcUserService - Class in org.springframework.security.oauth2.client.oidc.userinfo

An implementation of an OAuth2UserService that supports OpenID Connect 1.0 Provider's.

OidcUserService() - Constructor for class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService

OKTA - Enum constant in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider

onApplicationEvent(ApplicationEvent) - Method in class org.springframework.security.context.DelegatingApplicationListener

onApplicationEvent(AbstractAuthorizationEvent) - Method in class org.springframework.security.access.event.LoggerListener

Deprecated.

onApplicationEvent(AbstractAuthenticationEvent) - Method in class org.springframework.security.authentication.event.LoggerListener

onApplicationEvent(AbstractSessionEvent) - Method in class org.springframework.security.core.session.SessionRegistryImpl

onApplicationEvent(SessionDestroyedEvent) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider

onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy

Called when a user is newly authenticated.

onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy

onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy

In addition to the steps from the superclass, the sessionRegistry will be updated with the new session information.

onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy

onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy

In addition to the steps from the superclass, the sessionRegistry will be updated with the new session information.

onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.authentication.session.SessionAuthenticationStrategy

Performs Http session-related functionality when a new authentication occurs.

onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.csrf.CsrfAuthenticationStrategy

onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.AuthenticationEntryPointFailureHandler

onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in interface org.springframework.security.web.authentication.AuthenticationFailureHandler

Called when an authentication attempt fails.

onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.DelegatingAuthenticationFailureHandler

onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler

onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.ForwardAuthenticationFailureHandler

onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler

Performs the redirect or forward to the defaultFailureUrl if set, otherwise returns a 401 error code.

onAuthenticationFailure(WebFilterExchange, AuthenticationException) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationFailureHandler

onAuthenticationFailure(WebFilterExchange, AuthenticationException) - Method in class org.springframework.security.web.server.authentication.ServerAuthenticationEntryPointFailureHandler

onAuthenticationFailure(WebFilterExchange, AuthenticationException) - Method in interface org.springframework.security.web.server.authentication.ServerAuthenticationFailureHandler

Invoked when authentication attempt fails

onAuthenticationSuccess(HttpServletRequest, HttpServletResponse, FilterChain, Authentication) - Method in interface org.springframework.security.web.authentication.AuthenticationSuccessHandler

Called when a user has been successfully authenticated.

onAuthenticationSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in interface org.springframework.security.web.authentication.AuthenticationSuccessHandler

Called when a user has been successfully authenticated.

onAuthenticationSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.ForwardAuthenticationSuccessHandler

onAuthenticationSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.HttpMessageConverterAuthenticationSuccessHandler

onAuthenticationSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler

onAuthenticationSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler

Calls the parent class handle() method to forward or redirect to the target URL, and then calls clearAuthenticationAttributes() to remove any leftover session data.

onAuthenticationSuccess(Authentication, WebFilterExchange) - Method in class org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter

onAuthenticationSuccess(Authentication, WebFilterExchange) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter

onAuthenticationSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.ConcurrentSessionControlServerAuthenticationSuccessHandler

onAuthenticationSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.DelegatingServerAuthenticationSuccessHandler

onAuthenticationSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler

onAuthenticationSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.RegisterSessionServerAuthenticationSuccessHandler

onAuthenticationSuccess(WebFilterExchange, Authentication) - Method in interface org.springframework.security.web.server.authentication.ServerAuthenticationSuccessHandler

Invoked when the application authenticates successfully

onAuthenticationSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.WebFilterChainServerAuthenticationSuccessHandler

onAuthorizationFailure(OAuth2AuthorizationException, Authentication, Map<String, Object>) - Method in interface org.springframework.security.oauth2.client.OAuth2AuthorizationFailureHandler

Called when an OAuth 2.0 Client fails to authorize (or re-authorize) via the Authorization Server or Resource Server.

onAuthorizationFailure(OAuth2AuthorizationException, Authentication, Map<String, Object>) - Method in interface org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizationFailureHandler

Called when an OAuth 2.0 Client fails to authorize (or re-authorize) via the authorization server or resource server.

onAuthorizationFailure(OAuth2AuthorizationException, Authentication, Map<String, Object>) - Method in class org.springframework.security.oauth2.client.RemoveAuthorizedClientOAuth2AuthorizationFailureHandler

onAuthorizationFailure(OAuth2AuthorizationException, Authentication, Map<String, Object>) - Method in class org.springframework.security.oauth2.client.RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler

onAuthorizationSuccess(OAuth2AuthorizedClient, Authentication, Map<String, Object>) - Method in interface org.springframework.security.oauth2.client.OAuth2AuthorizationSuccessHandler

Called when an OAuth 2.0 Client has been successfully authorized (or re-authorized) via the Authorization Server.

onAuthorizationSuccess(OAuth2AuthorizedClient, Authentication, Map<String, Object>) - Method in interface org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizationSuccessHandler

Called when an OAuth 2.0 Client has been successfully authorized (or re-authorized) via the authorization server.

OnCommittedResponseWrapper - Class in org.springframework.security.web.util

Base class for response wrappers which encapsulate the logic for handling an event when the HttpServletResponse is committed.

OnCommittedResponseWrapper(HttpServletResponse) - Constructor for class org.springframework.security.web.util.OnCommittedResponseWrapper

ONE_TIME_TOKEN - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder

GenerateOneTimeTokenWebFilter

ONE_TIME_TOKEN_SUBMIT_PAGE_GENERATING - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder

OneTimeTokenSubmitPageGeneratingWebFilter

OneTimeToken - Interface in org.springframework.security.authentication.ott

Represents a one-time use token with an associated username and expiration time.

OneTimeTokenAuthenticationConverter - Class in org.springframework.security.web.authentication.ott

An implementation of AuthenticationConverter that detects if the request contains a token parameter and constructs a OneTimeTokenAuthenticationToken with it.

OneTimeTokenAuthenticationConverter() - Constructor for class org.springframework.security.web.authentication.ott.OneTimeTokenAuthenticationConverter

OneTimeTokenAuthenticationProvider - Class in org.springframework.security.authentication.ott

An AuthenticationProvider responsible for authenticating users based on one-time tokens.

OneTimeTokenAuthenticationProvider(OneTimeTokenService, UserDetailsService) - Constructor for class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationProvider

OneTimeTokenAuthenticationToken - Class in org.springframework.security.authentication.ott

Represents a One-Time Token authentication that can be authenticated or not.

OneTimeTokenAuthenticationToken(Object, String) - Constructor for class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken

OneTimeTokenAuthenticationToken(Object, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken

OneTimeTokenAuthenticationToken(String) - Constructor for class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken

OneTimeTokenGenerationSuccessHandler - Interface in org.springframework.security.web.authentication.ott

Defines a strategy to handle generated one-time tokens.

oneTimeTokenLogin(Customizer<OneTimeTokenLoginConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configures One-Time Token Login Support.

oneTimeTokenLogin(Customizer<ServerHttpSecurity.OneTimeTokenLoginSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures One-Time Token Login Support.

OneTimeTokenLoginConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers.ott

OneTimeTokenLoginConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer

OneTimeTokenLoginSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec

OneTimeTokenReactiveAuthenticationManager - Class in org.springframework.security.authentication.ott.reactive

A ReactiveAuthenticationManager for one time tokens.

OneTimeTokenReactiveAuthenticationManager(ReactiveOneTimeTokenService, ReactiveUserDetailsService) - Constructor for class org.springframework.security.authentication.ott.reactive.OneTimeTokenReactiveAuthenticationManager

OneTimeTokenService - Interface in org.springframework.security.authentication.ott

Interface for generating and consuming one-time tokens.

OneTimeTokenSubmitPageGeneratingWebFilter - Class in org.springframework.security.web.server.ui

Creates a default one-time token submit page.

OneTimeTokenSubmitPageGeneratingWebFilter() - Constructor for class org.springframework.security.web.server.ui.OneTimeTokenSubmitPageGeneratingWebFilter

onExpiredSessionDetected(SessionInformationExpiredEvent) - Method in interface org.springframework.security.web.session.SessionInformationExpiredStrategy

onExpiredSessionDetected(SessionInformationExpiredEvent) - Method in class org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy

onInvalidSessionDetected(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.session.InvalidSessionStrategy

onInvalidSessionDetected(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.session.RequestedUrlRedirectInvalidSessionStrategy

onInvalidSessionDetected(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy

onLoginFail(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

onLoginSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

Called from loginSuccess when a remember-me login has been requested.

onLoginSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices

Creates a new persistent login token with a new series number, stores the data in the persistent token repository and adds the corresponding cookie to the response.

onLoginSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices

onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2RelyingPartyInitiatedLogoutSuccessHandler

Produce and send a SAML 2.0 Logout Response based on the SAML 2.0 Logout Request received from the asserting party

onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.DelegatingLogoutSuccessHandler

onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.ForwardLogoutSuccessHandler

onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler

Implementation of LogoutSuccessHandler.onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication) .

onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in interface org.springframework.security.web.authentication.logout.LogoutSuccessHandler

onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler

onLogoutSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.oauth2.client.oidc.web.server.logout.OidcClientInitiatedServerLogoutSuccessHandler

onLogoutSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.logout.HttpStatusReturningServerLogoutSuccessHandler

Implementation of ServerLogoutSuccessHandler.onLogoutSuccess(WebFilterExchange, Authentication).

onLogoutSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler

onLogoutSuccess(WebFilterExchange, Authentication) - Method in interface org.springframework.security.web.server.authentication.logout.ServerLogoutSuccessHandler

Invoked after log out was successful

onResponseCommitted() - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper

Deprecated.

Calls saveContext() with the current contents of the SecurityContextHolder as long as () was not invoked.

onResponseCommitted() - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper

Implement the logic for handling the HttpServletResponse being committed

onSessionChange(String, HttpSession, Authentication) - Method in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy

Called when the session has been changed and the old attributes have been migrated to the new session.

onStartup(ServletContext) - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer

onSuccessfulAuthentication(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter

Called if a remember-me token is presented and successfully authenticated by the RememberMeServices autoLogin method and the AuthenticationManager.

onSuccessfulAuthentication(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter

onUnsuccessfulAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter

Called if the AuthenticationManager rejects the authentication object returned from the RememberMeServices autoLogin method.

onUnsuccessfulAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter

OPAQUE_TOKEN - Static variable in class org.springframework.security.config.Elements

opaqueToken() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use OAuth2ResourceServerConfigurer.opaqueToken(Customizer) or opaqueToken(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

opaqueToken() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.OAuth2ResourceServerSpec.opaqueToken(Customizer) or opaqueToken(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

opaqueToken() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors

Establish a SecurityContext that has a BearerTokenAuthentication for the Authentication and a OAuth2AuthenticatedPrincipal for the Authentication.getPrincipal().

opaqueToken(Customizer<OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer

Enables opaque bearer token support.

opaqueToken(Customizer<ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec

Enables Opaque Token Resource Server support.

OpaqueTokenAuthenticationConverter - Interface in org.springframework.security.oauth2.server.resource.introspection

Convert a successful introspection result into an authentication result.

OpaqueTokenAuthenticationProvider - Class in org.springframework.security.oauth2.server.resource.authentication

An AuthenticationProvider implementation for opaque Bearer Tokens, using an OAuth 2.0 Introspection Endpoint to check the token's validity and reveal its attributes.

OpaqueTokenAuthenticationProvider(OpaqueTokenIntrospector) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenAuthenticationProvider

Creates a OpaqueTokenAuthenticationProvider with the provided parameters

OpaqueTokenIntrospector - Interface in org.springframework.security.oauth2.server.resource.introspection

A contract for introspecting and verifying an OAuth 2.0 token.

OpaqueTokenReactiveAuthenticationManager - Class in org.springframework.security.oauth2.server.resource.authentication

An ReactiveAuthenticationManager implementation for opaque Bearer Tokens, using an OAuth 2.0 Introspection Endpoint to check the token's validity and reveal its attributes.

OpaqueTokenReactiveAuthenticationManager(ReactiveOpaqueTokenIntrospector) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenReactiveAuthenticationManager

Creates a OpaqueTokenReactiveAuthenticationManager with the provided parameters

OPENER_POLICY - Static variable in class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter

OPENID - Static variable in class org.springframework.security.oauth2.core.oidc.OidcScopes

The openid scope is required for OpenID Connect Authentication Requests.

OpenSamlAssertingPartyDetails - Class in org.springframework.security.saml2.provider.service.registration

A RelyingPartyRegistration.AssertingPartyDetails that contains OpenSAML-specific members

OpenSamlAssertingPartyDetails.Builder - Class in org.springframework.security.saml2.provider.service.registration

An OpenSAML version of RelyingPartyRegistration.AssertingPartyDetails.Builder that contains the underlying EntityDescriptor

OpenSamlInitializationService - Class in org.springframework.security.saml2.core

An initialization service for initializing OpenSAML.

OpenSamlRelyingPartyRegistration - Class in org.springframework.security.saml2.provider.service.registration

Deprecated.

This class no longer is needed in order to transmit the EntityDescriptor to OpenSamlAssertingPartyDetails. Instead of doing:

        if (registration instanceof OpenSamlRelyingPartyRegistration openSamlRegistration) {
            EntityDescriptor descriptor = openSamlRegistration.getAssertingPartyDetails.getEntityDescriptor();
        }
 

do instead:

        if (registration.getAssertingPartyMetadata() instanceof openSamlAssertingPartyDetails) {
            EntityDescriptor descriptor = openSamlAssertingPartyDetails.getEntityDescriptor();
        }
 

OpenSamlRelyingPartyRegistration.Builder - Class in org.springframework.security.saml2.provider.service.registration

Deprecated.

An OpenSAML version of RelyingPartyRegistration.AssertingPartyDetails.Builder that contains the underlying EntityDescriptor

OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter - Class in org.springframework.security.saml2.provider.service.registration

An HttpMessageConverter that takes an IDPSSODescriptor in an HTTP response and converts it into a RelyingPartyRegistration.Builder.

OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter() - Constructor for class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter

order() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity

Deprecated.

Indicate the ordering of the execution of the security advisor when multiple advices are applied at a specific joinpoint.

order() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity

Indicate the ordering of the execution of the security advisor when multiple advices are applied at a specific joinpoint.

ORDERED - Static variable in class org.springframework.security.crypto.codec.Base64

Deprecated.

Encode using the special "ordered" dialect of Base64.

org.springframework.security.access - package org.springframework.security.access

Core access-control related code, including security metadata related classes, interception code, access control annotations, EL support and voter-based implementations of the central AccessDecisionManager interface.

org.springframework.security.access.annotation - package org.springframework.security.access.annotation

Support for JSR-250 and Spring Security @Secured annotations.

org.springframework.security.access.event - package org.springframework.security.access.event

Authorization event and listener classes.

org.springframework.security.access.expression - package org.springframework.security.access.expression

Expression handling code to support the use of Spring-EL based expressions in @PreAuthorize, @PreFilter, @PostAuthorize and @PostFilter annotations.

org.springframework.security.access.expression.method - package org.springframework.security.access.expression.method

Implementation of expression-based method security.

org.springframework.security.access.hierarchicalroles - package org.springframework.security.access.hierarchicalroles

Role hierarchy implementation.

org.springframework.security.access.intercept - package org.springframework.security.access.intercept

Abstract level security interception classes which are responsible for enforcing the configured security constraints for a secure object.

org.springframework.security.access.intercept.aopalliance - package org.springframework.security.access.intercept.aopalliance

Enforces security for AOP Alliance MethodInvocations, such as via Spring AOP.

org.springframework.security.access.intercept.aspectj - package org.springframework.security.access.intercept.aspectj

Enforces security for AspectJ JointPoints, delegating secure object callbacks to the calling aspect.

org.springframework.security.access.method - package org.springframework.security.access.method

Provides SecurityMetadataSource implementations for securing Java method invocations via different AOP libraries.

org.springframework.security.access.prepost - package org.springframework.security.access.prepost

Contains the infrastructure classes for handling the @PreAuthorize, @PreFilter, @PostAuthorize and @PostFilter annotations.

org.springframework.security.access.vote - package org.springframework.security.access.vote

Implements a vote-based approach to authorization decisions.

org.springframework.security.acls - package org.springframework.security.acls

The Spring Security ACL package which implements instance-based security for domain objects.

org.springframework.security.acls.afterinvocation - package org.springframework.security.acls.afterinvocation

After-invocation providers for collection and array filtering.

org.springframework.security.acls.domain - package org.springframework.security.acls.domain

Basic implementation of access control lists (ACLs) interfaces.

org.springframework.security.acls.jdbc - package org.springframework.security.acls.jdbc

JDBC-based persistence of ACL information

org.springframework.security.acls.model - package org.springframework.security.acls.model

Interfaces and shared classes to manage access control lists (ACLs) for domain object instances.

org.springframework.security.aot.hint - package org.springframework.security.aot.hint

org.springframework.security.authentication - package org.springframework.security.authentication

Core classes and interfaces related to user authentication, which are used throughout Spring Security.

org.springframework.security.authentication.dao - package org.springframework.security.authentication.dao

An AuthenticationProvider which relies upon a data access object.

org.springframework.security.authentication.event - package org.springframework.security.authentication.event

Authentication success and failure events which can be published to the Spring application context.

org.springframework.security.authentication.jaas - package org.springframework.security.authentication.jaas

An authentication provider for JAAS.

org.springframework.security.authentication.jaas.event - package org.springframework.security.authentication.jaas.event

JAAS authentication events which can be published to the Spring application context by the JAAS authentication provider.

org.springframework.security.authentication.jaas.memory - package org.springframework.security.authentication.jaas.memory

An in memory JAAS implementation.

org.springframework.security.authentication.ott - package org.springframework.security.authentication.ott

org.springframework.security.authentication.ott.reactive - package org.springframework.security.authentication.ott.reactive

org.springframework.security.authentication.password - package org.springframework.security.authentication.password

org.springframework.security.authorization - package org.springframework.security.authorization

org.springframework.security.authorization.event - package org.springframework.security.authorization.event

org.springframework.security.authorization.method - package org.springframework.security.authorization.method

org.springframework.security.cas - package org.springframework.security.cas

Spring Security support for Apereo's Central Authentication Service (CAS).

org.springframework.security.cas.authentication - package org.springframework.security.cas.authentication

An AuthenticationProvider that can process CAS service tickets and proxy tickets.

org.springframework.security.cas.jackson2 - package org.springframework.security.cas.jackson2

org.springframework.security.cas.userdetails - package org.springframework.security.cas.userdetails

org.springframework.security.cas.web - package org.springframework.security.cas.web

Authenticates standard web browser users via CAS.

org.springframework.security.cas.web.authentication - package org.springframework.security.cas.web.authentication

Authentication processing mechanisms which respond to the submission of authentication credentials using CAS.

org.springframework.security.concurrent - package org.springframework.security.concurrent

org.springframework.security.config - package org.springframework.security.config

Support classes for the Spring Security namespace.

org.springframework.security.config.annotation - package org.springframework.security.config.annotation

org.springframework.security.config.annotation.authentication - package org.springframework.security.config.annotation.authentication

org.springframework.security.config.annotation.authentication.builders - package org.springframework.security.config.annotation.authentication.builders

org.springframework.security.config.annotation.authentication.configuration - package org.springframework.security.config.annotation.authentication.configuration

org.springframework.security.config.annotation.authentication.configurers.ldap - package org.springframework.security.config.annotation.authentication.configurers.ldap

org.springframework.security.config.annotation.authentication.configurers.provisioning - package org.springframework.security.config.annotation.authentication.configurers.provisioning

org.springframework.security.config.annotation.authentication.configurers.userdetails - package org.springframework.security.config.annotation.authentication.configurers.userdetails

org.springframework.security.config.annotation.configuration - package org.springframework.security.config.annotation.configuration

org.springframework.security.config.annotation.method.configuration - package org.springframework.security.config.annotation.method.configuration

org.springframework.security.config.annotation.rsocket - package org.springframework.security.config.annotation.rsocket

org.springframework.security.config.annotation.web - package org.springframework.security.config.annotation.web

org.springframework.security.config.annotation.web.builders - package org.springframework.security.config.annotation.web.builders

org.springframework.security.config.annotation.web.configuration - package org.springframework.security.config.annotation.web.configuration

org.springframework.security.config.annotation.web.configurers - package org.springframework.security.config.annotation.web.configurers

org.springframework.security.config.annotation.web.configurers.oauth2.client - package org.springframework.security.config.annotation.web.configurers.oauth2.client

org.springframework.security.config.annotation.web.configurers.oauth2.server.resource - package org.springframework.security.config.annotation.web.configurers.oauth2.server.resource

org.springframework.security.config.annotation.web.configurers.ott - package org.springframework.security.config.annotation.web.configurers.ott

org.springframework.security.config.annotation.web.configurers.saml2 - package org.springframework.security.config.annotation.web.configurers.saml2

org.springframework.security.config.annotation.web.messaging - package org.springframework.security.config.annotation.web.messaging

org.springframework.security.config.annotation.web.reactive - package org.springframework.security.config.annotation.web.reactive

org.springframework.security.config.annotation.web.servlet.configuration - package org.springframework.security.config.annotation.web.servlet.configuration

org.springframework.security.config.annotation.web.socket - package org.springframework.security.config.annotation.web.socket

org.springframework.security.config.authentication - package org.springframework.security.config.authentication

Parsing of <authentication-manager> and related elements.

org.springframework.security.config.core - package org.springframework.security.config.core

org.springframework.security.config.core.userdetails - package org.springframework.security.config.core.userdetails

org.springframework.security.config.crypto - package org.springframework.security.config.crypto

org.springframework.security.config.debug - package org.springframework.security.config.debug

org.springframework.security.config.http - package org.springframework.security.config.http

Parsing of the <http> namespace element.

org.springframework.security.config.ldap - package org.springframework.security.config.ldap

Security namespace support for LDAP authentication.

org.springframework.security.config.method - package org.springframework.security.config.method

Support for parsing of the <global-method-security> and <intercept-methods> elements.

org.springframework.security.config.oauth2.client - package org.springframework.security.config.oauth2.client

org.springframework.security.config.observation - package org.springframework.security.config.observation

org.springframework.security.config.provisioning - package org.springframework.security.config.provisioning

org.springframework.security.config.saml2 - package org.springframework.security.config.saml2

org.springframework.security.config.web.server - package org.springframework.security.config.web.server

org.springframework.security.config.websocket - package org.springframework.security.config.websocket

org.springframework.security.context - package org.springframework.security.context

org.springframework.security.converter - package org.springframework.security.converter

org.springframework.security.core - package org.springframework.security.core

Core classes and interfaces related to user authentication and authorization, as well as the maintenance of a security context.

org.springframework.security.core.annotation - package org.springframework.security.core.annotation

org.springframework.security.core.authority - package org.springframework.security.core.authority

The default implementation of the GrantedAuthority interface.

org.springframework.security.core.authority.mapping - package org.springframework.security.core.authority.mapping

Strategies for mapping a list of attributes (such as roles or LDAP groups) to a list of GrantedAuthoritys.

org.springframework.security.core.context - package org.springframework.security.core.context

Classes related to the establishment of a security context for the duration of a request (such as an HTTP or RMI invocation).

org.springframework.security.core.parameters - package org.springframework.security.core.parameters

org.springframework.security.core.session - package org.springframework.security.core.session

Session abstraction which is provided by the org.springframework.security.core.session.SessionInformation SessionInformation class.

org.springframework.security.core.token - package org.springframework.security.core.token

A service for building secure random tokens.

org.springframework.security.core.userdetails - package org.springframework.security.core.userdetails

The standard interfaces for implementing user data DAOs.

org.springframework.security.core.userdetails.cache - package org.springframework.security.core.userdetails.cache

Implementations of UserCache.

org.springframework.security.core.userdetails.jdbc - package org.springframework.security.core.userdetails.jdbc

Exposes a JDBC-based authentication repository, implementing org.springframework.security.core.userdetails.UserDetailsService UserDetailsService.

org.springframework.security.core.userdetails.memory - package org.springframework.security.core.userdetails.memory

Exposes an in-memory authentication repository.

org.springframework.security.crypto.argon2 - package org.springframework.security.crypto.argon2

org.springframework.security.crypto.bcrypt - package org.springframework.security.crypto.bcrypt

org.springframework.security.crypto.codec - package org.springframework.security.crypto.codec

Internal codec classes.

org.springframework.security.crypto.encrypt - package org.springframework.security.crypto.encrypt

org.springframework.security.crypto.factory - package org.springframework.security.crypto.factory

org.springframework.security.crypto.keygen - package org.springframework.security.crypto.keygen

org.springframework.security.crypto.password - package org.springframework.security.crypto.password

org.springframework.security.crypto.scrypt - package org.springframework.security.crypto.scrypt

org.springframework.security.crypto.util - package org.springframework.security.crypto.util

org.springframework.security.data.aot.hint - package org.springframework.security.data.aot.hint

org.springframework.security.data.repository.query - package org.springframework.security.data.repository.query

org.springframework.security.jackson2 - package org.springframework.security.jackson2

Mix-in classes to add Jackson serialization support.

org.springframework.security.ldap - package org.springframework.security.ldap

Spring Security's LDAP module.

org.springframework.security.ldap.authentication - package org.springframework.security.ldap.authentication

The LDAP authentication provider package.

org.springframework.security.ldap.authentication.ad - package org.springframework.security.ldap.authentication.ad

org.springframework.security.ldap.jackson2 - package org.springframework.security.ldap.jackson2

org.springframework.security.ldap.ppolicy - package org.springframework.security.ldap.ppolicy

Implementation of password policy functionality based on the Password Policy for LDAP Directories.

org.springframework.security.ldap.search - package org.springframework.security.ldap.search

LdapUserSearch implementations.

org.springframework.security.ldap.server - package org.springframework.security.ldap.server

Embedded Apache Directory Server implementation, as used by the configuration namespace.

org.springframework.security.ldap.userdetails - package org.springframework.security.ldap.userdetails

LDAP-focused UserDetails implementations which map from a ubset of the data contained in some of the standard LDAP types (such as InetOrgPerson).

org.springframework.security.messaging.access.expression - package org.springframework.security.messaging.access.expression

org.springframework.security.messaging.access.intercept - package org.springframework.security.messaging.access.intercept

org.springframework.security.messaging.context - package org.springframework.security.messaging.context

org.springframework.security.messaging.handler.invocation.reactive - package org.springframework.security.messaging.handler.invocation.reactive

org.springframework.security.messaging.util.matcher - package org.springframework.security.messaging.util.matcher

org.springframework.security.messaging.web.csrf - package org.springframework.security.messaging.web.csrf

org.springframework.security.messaging.web.socket.server - package org.springframework.security.messaging.web.socket.server

org.springframework.security.oauth2.client - package org.springframework.security.oauth2.client

Core classes and interfaces providing support for OAuth 2.0 Client.

org.springframework.security.oauth2.client.annotation - package org.springframework.security.oauth2.client.annotation

org.springframework.security.oauth2.client.authentication - package org.springframework.security.oauth2.client.authentication

Support classes and interfaces for authenticating and authorizing a client with an OAuth 2.0 Authorization Server using a specific authorization grant flow.

org.springframework.security.oauth2.client.endpoint - package org.springframework.security.oauth2.client.endpoint

Classes and interfaces providing support to the client for initiating requests to the Authorization Server's Protocol Endpoints.

org.springframework.security.oauth2.client.http - package org.springframework.security.oauth2.client.http

org.springframework.security.oauth2.client.jackson2 - package org.springframework.security.oauth2.client.jackson2

org.springframework.security.oauth2.client.oidc.authentication - package org.springframework.security.oauth2.client.oidc.authentication

Support classes and interfaces for authenticating and authorizing a client with an OpenID Connect 1.0 Provider using a specific authorization grant flow.

org.springframework.security.oauth2.client.oidc.authentication.logout - package org.springframework.security.oauth2.client.oidc.authentication.logout

org.springframework.security.oauth2.client.oidc.server.session - package org.springframework.security.oauth2.client.oidc.server.session

org.springframework.security.oauth2.client.oidc.session - package org.springframework.security.oauth2.client.oidc.session

org.springframework.security.oauth2.client.oidc.userinfo - package org.springframework.security.oauth2.client.oidc.userinfo

Classes and interfaces providing support to the client for initiating requests to the OpenID Connect 1.0 Provider's UserInfo Endpoint.

org.springframework.security.oauth2.client.oidc.web.logout - package org.springframework.security.oauth2.client.oidc.web.logout

org.springframework.security.oauth2.client.oidc.web.server.logout - package org.springframework.security.oauth2.client.oidc.web.server.logout

org.springframework.security.oauth2.client.registration - package org.springframework.security.oauth2.client.registration

Classes and interfaces that provide support for ClientRegistration.

org.springframework.security.oauth2.client.userinfo - package org.springframework.security.oauth2.client.userinfo

Classes and interfaces providing support to the client for initiating requests to the OAuth 2.0 Authorization Server's UserInfo Endpoint.

org.springframework.security.oauth2.client.web - package org.springframework.security.oauth2.client.web

OAuth 2.0 Client Filter's and supporting classes and interfaces.

org.springframework.security.oauth2.client.web.client - package org.springframework.security.oauth2.client.web.client

org.springframework.security.oauth2.client.web.method.annotation - package org.springframework.security.oauth2.client.web.method.annotation

org.springframework.security.oauth2.client.web.reactive.function.client - package org.springframework.security.oauth2.client.web.reactive.function.client

org.springframework.security.oauth2.client.web.reactive.result.method.annotation - package org.springframework.security.oauth2.client.web.reactive.result.method.annotation

org.springframework.security.oauth2.client.web.server - package org.springframework.security.oauth2.client.web.server

org.springframework.security.oauth2.client.web.server.authentication - package org.springframework.security.oauth2.client.web.server.authentication

org.springframework.security.oauth2.core - package org.springframework.security.oauth2.core

Core classes and interfaces providing support for the OAuth 2.0 Authorization Framework.

org.springframework.security.oauth2.core.authorization - package org.springframework.security.oauth2.core.authorization

org.springframework.security.oauth2.core.converter - package org.springframework.security.oauth2.core.converter

org.springframework.security.oauth2.core.endpoint - package org.springframework.security.oauth2.core.endpoint

Support classes that model the OAuth 2.0 Request and Response messages from the Authorization Endpoint and Token Endpoint.

org.springframework.security.oauth2.core.http.converter - package org.springframework.security.oauth2.core.http.converter

org.springframework.security.oauth2.core.oidc - package org.springframework.security.oauth2.core.oidc

Core classes and interfaces providing support for OpenID Connect Core 1.0.

org.springframework.security.oauth2.core.oidc.endpoint - package org.springframework.security.oauth2.core.oidc.endpoint

Support classes that model the OpenID Connect Core 1.0 Request and Response messages from the Authorization Endpoint and Token Endpoint.

org.springframework.security.oauth2.core.oidc.user - package org.springframework.security.oauth2.core.oidc.user

Provides a model for an OpenID Connect Core 1.0 representation of a user Principal.

org.springframework.security.oauth2.core.user - package org.springframework.security.oauth2.core.user

Provides a model for an OAuth 2.0 representation of a user Principal.

org.springframework.security.oauth2.core.web.reactive.function - package org.springframework.security.oauth2.core.web.reactive.function

org.springframework.security.oauth2.jose - package org.springframework.security.oauth2.jose

org.springframework.security.oauth2.jose.jws - package org.springframework.security.oauth2.jose.jws

Core classes and interfaces providing support for JSON Web Signature (JWS).

org.springframework.security.oauth2.jwt - package org.springframework.security.oauth2.jwt

Core classes and interfaces providing support for JSON Web Token (JWT).

org.springframework.security.oauth2.server.resource - package org.springframework.security.oauth2.server.resource

OAuth 2.0 Resource Server core classes and interfaces providing support.

org.springframework.security.oauth2.server.resource.authentication - package org.springframework.security.oauth2.server.resource.authentication

OAuth 2.0 Resource Server Authentications and supporting classes and interfaces.

org.springframework.security.oauth2.server.resource.introspection - package org.springframework.security.oauth2.server.resource.introspection

OAuth 2.0 Introspection supporting classes and interfaces.

org.springframework.security.oauth2.server.resource.web - package org.springframework.security.oauth2.server.resource.web

OAuth 2.0 Resource Server Filter's and supporting classes and interfaces.

org.springframework.security.oauth2.server.resource.web.access - package org.springframework.security.oauth2.server.resource.web.access

OAuth 2.0 Resource Server access denial classes and interfaces.

org.springframework.security.oauth2.server.resource.web.access.server - package org.springframework.security.oauth2.server.resource.web.access.server

org.springframework.security.oauth2.server.resource.web.authentication - package org.springframework.security.oauth2.server.resource.web.authentication

org.springframework.security.oauth2.server.resource.web.reactive.function.client - package org.springframework.security.oauth2.server.resource.web.reactive.function.client

org.springframework.security.oauth2.server.resource.web.server - package org.springframework.security.oauth2.server.resource.web.server

org.springframework.security.oauth2.server.resource.web.server.authentication - package org.springframework.security.oauth2.server.resource.web.server.authentication

org.springframework.security.provisioning - package org.springframework.security.provisioning

Contains simple user and authority group account provisioning interfaces together with a a JDBC-based implementation.

org.springframework.security.rsocket.api - package org.springframework.security.rsocket.api

org.springframework.security.rsocket.authentication - package org.springframework.security.rsocket.authentication

org.springframework.security.rsocket.authorization - package org.springframework.security.rsocket.authorization

org.springframework.security.rsocket.core - package org.springframework.security.rsocket.core

org.springframework.security.rsocket.metadata - package org.springframework.security.rsocket.metadata

org.springframework.security.rsocket.util.matcher - package org.springframework.security.rsocket.util.matcher

org.springframework.security.saml2 - package org.springframework.security.saml2

org.springframework.security.saml2.core - package org.springframework.security.saml2.core

org.springframework.security.saml2.jackson2 - package org.springframework.security.saml2.jackson2

org.springframework.security.saml2.provider.service.authentication - package org.springframework.security.saml2.provider.service.authentication

org.springframework.security.saml2.provider.service.authentication.logout - package org.springframework.security.saml2.provider.service.authentication.logout

org.springframework.security.saml2.provider.service.metadata - package org.springframework.security.saml2.provider.service.metadata

org.springframework.security.saml2.provider.service.registration - package org.springframework.security.saml2.provider.service.registration

org.springframework.security.saml2.provider.service.web - package org.springframework.security.saml2.provider.service.web

org.springframework.security.saml2.provider.service.web.authentication - package org.springframework.security.saml2.provider.service.web.authentication

org.springframework.security.saml2.provider.service.web.authentication.logout - package org.springframework.security.saml2.provider.service.web.authentication.logout

org.springframework.security.saml2.provider.service.web.metadata - package org.springframework.security.saml2.provider.service.web.metadata

org.springframework.security.scheduling - package org.springframework.security.scheduling

org.springframework.security.taglibs - package org.springframework.security.taglibs

Security related tag libraries that can be used in JSPs and templates.

org.springframework.security.taglibs.authz - package org.springframework.security.taglibs.authz

JSP Security tag library implementation.

org.springframework.security.taglibs.csrf - package org.springframework.security.taglibs.csrf

org.springframework.security.task - package org.springframework.security.task

org.springframework.security.test.context - package org.springframework.security.test.context

org.springframework.security.test.context.annotation - package org.springframework.security.test.context.annotation

org.springframework.security.test.context.support - package org.springframework.security.test.context.support

org.springframework.security.test.web.reactive.server - package org.springframework.security.test.web.reactive.server

org.springframework.security.test.web.servlet.request - package org.springframework.security.test.web.servlet.request

org.springframework.security.test.web.servlet.response - package org.springframework.security.test.web.servlet.response

org.springframework.security.test.web.servlet.setup - package org.springframework.security.test.web.servlet.setup

org.springframework.security.test.web.support - package org.springframework.security.test.web.support

org.springframework.security.util - package org.springframework.security.util

General utility classes used throughout the Spring Security framework.

org.springframework.security.web - package org.springframework.security.web

Spring Security's web security module.

org.springframework.security.web.access - package org.springframework.security.web.access

Access-control related classes and packages.

org.springframework.security.web.access.channel - package org.springframework.security.web.access.channel

Classes that ensure web requests are received over required transport channels.

org.springframework.security.web.access.expression - package org.springframework.security.web.access.expression

Implementation of web security expressions.

org.springframework.security.web.access.intercept - package org.springframework.security.web.access.intercept

Enforcement of security for HTTP requests, typically by the URL requested.

org.springframework.security.web.authentication - package org.springframework.security.web.authentication

Authentication processing mechanisms, which respond to the submission of authentication credentials using various protocols (eg BASIC, CAS, form login etc).

org.springframework.security.web.authentication.logout - package org.springframework.security.web.authentication.logout

Logout functionality based around a filter which handles a specific logout URL.

org.springframework.security.web.authentication.ott - package org.springframework.security.web.authentication.ott

org.springframework.security.web.authentication.password - package org.springframework.security.web.authentication.password

org.springframework.security.web.authentication.preauth - package org.springframework.security.web.authentication.preauth

Support for "pre-authenticated" scenarios, where Spring Security assumes the incoming request has already been authenticated by some externally configured system.

org.springframework.security.web.authentication.preauth.j2ee - package org.springframework.security.web.authentication.preauth.j2ee

Pre-authentication support for container-authenticated requests.

org.springframework.security.web.authentication.preauth.websphere - package org.springframework.security.web.authentication.preauth.websphere

Websphere-specific pre-authentication classes.

org.springframework.security.web.authentication.preauth.x509 - package org.springframework.security.web.authentication.preauth.x509

X.509 client certificate authentication support.

org.springframework.security.web.authentication.rememberme - package org.springframework.security.web.authentication.rememberme

Support for remembering a user between different web sessions.

org.springframework.security.web.authentication.session - package org.springframework.security.web.authentication.session

Strategy interface and implementations for handling session-related behaviour for a newly authenticated user.

org.springframework.security.web.authentication.switchuser - package org.springframework.security.web.authentication.switchuser

Provides HTTP-based "switch user" (su) capabilities.

org.springframework.security.web.authentication.ui - package org.springframework.security.web.authentication.ui

Authentication user-interface rendering code.

org.springframework.security.web.authentication.www - package org.springframework.security.web.authentication.www

WWW-Authenticate based authentication mechanism implementations: Basic and Digest authentication.

org.springframework.security.web.bind.annotation - package org.springframework.security.web.bind.annotation

org.springframework.security.web.bind.support - package org.springframework.security.web.bind.support

org.springframework.security.web.context - package org.springframework.security.web.context

Classes which are responsible for maintaining the security context between HTTP requests.

org.springframework.security.web.context.request.async - package org.springframework.security.web.context.request.async

org.springframework.security.web.context.support - package org.springframework.security.web.context.support

org.springframework.security.web.csrf - package org.springframework.security.web.csrf

org.springframework.security.web.debug - package org.springframework.security.web.debug

org.springframework.security.web.firewall - package org.springframework.security.web.firewall

org.springframework.security.web.header - package org.springframework.security.web.header

org.springframework.security.web.header.writers - package org.springframework.security.web.header.writers

org.springframework.security.web.header.writers.frameoptions - package org.springframework.security.web.header.writers.frameoptions

org.springframework.security.web.http - package org.springframework.security.web.http

org.springframework.security.web.jaasapi - package org.springframework.security.web.jaasapi

Makes a JAAS Subject available as the current Subject.

org.springframework.security.web.jackson2 - package org.springframework.security.web.jackson2

Mix-in classes to provide Jackson serialization support.

org.springframework.security.web.method.annotation - package org.springframework.security.web.method.annotation

org.springframework.security.web.reactive.result.method.annotation - package org.springframework.security.web.reactive.result.method.annotation

org.springframework.security.web.reactive.result.view - package org.springframework.security.web.reactive.result.view

org.springframework.security.web.savedrequest - package org.springframework.security.web.savedrequest

Classes related to the caching of an HttpServletRequest which requires authentication.

org.springframework.security.web.server - package org.springframework.security.web.server

org.springframework.security.web.server.authentication - package org.springframework.security.web.server.authentication

org.springframework.security.web.server.authentication.logout - package org.springframework.security.web.server.authentication.logout

org.springframework.security.web.server.authentication.ott - package org.springframework.security.web.server.authentication.ott

org.springframework.security.web.server.authorization - package org.springframework.security.web.server.authorization

org.springframework.security.web.server.context - package org.springframework.security.web.server.context

org.springframework.security.web.server.csrf - package org.springframework.security.web.server.csrf

org.springframework.security.web.server.firewall - package org.springframework.security.web.server.firewall

org.springframework.security.web.server.header - package org.springframework.security.web.server.header

org.springframework.security.web.server.jackson2 - package org.springframework.security.web.server.jackson2

org.springframework.security.web.server.savedrequest - package org.springframework.security.web.server.savedrequest

org.springframework.security.web.server.transport - package org.springframework.security.web.server.transport

org.springframework.security.web.server.ui - package org.springframework.security.web.server.ui

org.springframework.security.web.server.util.matcher - package org.springframework.security.web.server.util.matcher

org.springframework.security.web.servlet.support.csrf - package org.springframework.security.web.servlet.support.csrf

org.springframework.security.web.servlet.util.matcher - package org.springframework.security.web.servlet.util.matcher

org.springframework.security.web.servletapi - package org.springframework.security.web.servletapi

Populates a Servlet request with a new Spring Security compliant HttpServletRequestWrapper.

org.springframework.security.web.session - package org.springframework.security.web.session

Session management filters, HttpSession events and publisher classes.

org.springframework.security.web.util - package org.springframework.security.web.util

Web utility classes.

org.springframework.security.web.util.matcher - package org.springframework.security.web.util.matcher

org.springframework.security.web.webauthn.api - package org.springframework.security.web.webauthn.api

org.springframework.security.web.webauthn.authentication - package org.springframework.security.web.webauthn.authentication

org.springframework.security.web.webauthn.jackson - package org.springframework.security.web.webauthn.jackson

org.springframework.security.web.webauthn.management - package org.springframework.security.web.webauthn.management

org.springframework.security.web.webauthn.registration - package org.springframework.security.web.webauthn.registration

ORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy

ORIGIN - Enum constant in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy

ORIGIN_WHEN_CROSS_ORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy

ORIGIN_WHEN_CROSS_ORIGIN - Enum constant in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy

OrMessageMatcher<T> - Class in org.springframework.security.messaging.util.matcher

MessageMatcher that will return true if any of the passed in MessageMatcher instances match.

OrMessageMatcher(List<MessageMatcher<T>>) - Constructor for class org.springframework.security.messaging.util.matcher.OrMessageMatcher

Creates a new instance

OrMessageMatcher(MessageMatcher<T>...) - Constructor for class org.springframework.security.messaging.util.matcher.OrMessageMatcher

Creates a new instance

OrRequestMatcher - Class in org.springframework.security.web.util.matcher

RequestMatcher that will return true if any of the passed in RequestMatcher instances match.

OrRequestMatcher(List<RequestMatcher>) - Constructor for class org.springframework.security.web.util.matcher.OrRequestMatcher

Creates a new instance

OrRequestMatcher(RequestMatcher...) - Constructor for class org.springframework.security.web.util.matcher.OrRequestMatcher

Creates a new instance

OrServerWebExchangeMatcher - Class in org.springframework.security.web.server.util.matcher

Matches if any of the provided ServerWebExchangeMatcher match

OrServerWebExchangeMatcher(List<ServerWebExchangeMatcher>) - Constructor for class org.springframework.security.web.server.util.matcher.OrServerWebExchangeMatcher

OrServerWebExchangeMatcher(ServerWebExchangeMatcher...) - Constructor for class org.springframework.security.web.server.util.matcher.OrServerWebExchangeMatcher

OwnershipAcl - Interface in org.springframework.security.acls.model

A mutable ACL that provides ownership capabilities.

P

P - Annotation Interface in org.springframework.security.access.method

Deprecated.

use @{code org.springframework.security.core.parameters.P}

P - Annotation Interface in org.springframework.security.core.parameters

An annotation that can be used along with AnnotationParameterNameDiscoverer to specify parameter names.

pageContext - Variable in class org.springframework.security.taglibs.authz.JspAuthorizeTag

ParameterRequestMatcher - Class in org.springframework.security.web.util.matcher

A RequestMatcher for matching on a request parameter and its value.

ParameterRequestMatcher(String) - Constructor for class org.springframework.security.web.util.matcher.ParameterRequestMatcher

ParameterRequestMatcher(String, String) - Constructor for class org.springframework.security.web.util.matcher.ParameterRequestMatcher

parameters(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder

A Consumer to be provided access to all the parameters allowing the ability to add, replace, or remove.

parameters(Consumer<Map<String, String>>) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.Builder

Use this Consumer to modify the set of query parameters No parameter should be URL-encoded as this will be done when the request is sent

parameters(Consumer<Map<String, String>>) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse.Builder

Use this Consumer to modify the set of query parameters No parameter should be URL-encoded as this will be done when the response is sent, though any signature specified should be Base64-encoded

parametersQuery(Function<Map<String, String>, String>) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.Builder

Use this strategy for converting parameters into an encoded query string.

parametersQuery(Function<Map<String, String>, String>) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse.Builder

Use this strategy for converting parameters into an encoded query string.

parentAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder

Allows providing a parent AuthenticationManager that will be tried if this AuthenticationManager was unable to attempt to authenticate the provided Authentication.

parse(Element, ParserContext) - Method in class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.authentication.AuthenticationProviderBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.DebugBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.http.CorsBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.http.CsrfBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.http.FilterChainBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.http.FilterInvocationSecurityMetadataSourceParser

Deprecated.

parse(Element, ParserContext) - Method in class org.springframework.security.config.http.FormLoginBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.http.HeadersBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.http.HttpFirewallBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser

The aim of this method is to build the list of filters which have been defined by the namespace elements and attributes within the <http> configuration, along with any custom-filter's linked to user-defined filter beans.

parse(Element, ParserContext) - Method in class org.springframework.security.config.http.WellKnownChangePasswordBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.ldap.LdapProviderBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser

Deprecated.

parse(Element, ParserContext) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.oauth2.client.ClientRegistrationsBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.saml2.RelyingPartyRegistrationsBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.SecurityNamespaceHandler

parse(Element, ParserContext) - Method in class org.springframework.security.config.websocket.WebSocketMessageBrokerSecurityBeanDefinitionParser

parseCache - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat

Parser cache.

parseDate(String, DateFormat[]) - Static method in class org.springframework.security.web.savedrequest.FastHttpDateFormat

Tries to parse the given date as an HTTP date.

parseInternal(Element, ParserContext) - Method in class org.springframework.security.config.method.MethodSecurityMetadataSourceBeanDefinitionParser

Deprecated.

parseRootDnFromUrl(String) - Static method in class org.springframework.security.ldap.LdapUtils

Works out the root DN for an LDAP URL.

password() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder

Deprecated.

The latest OAuth 2.0 Security Best Current Practice disallows the use of the Resource Owner Password Credentials grant. See reference OAuth 2.0 Security Best Current Practice.

password() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder

Deprecated.

The latest OAuth 2.0 Security Best Current Practice disallows the use of the Resource Owner Password Credentials grant. See reference OAuth 2.0 Security Best Current Practice.

password() - Element in annotation interface org.springframework.security.test.context.support.WithMockUser

The password to be used.

password(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder

Populates the password.

password(String) - Method in class org.springframework.security.core.userdetails.User.UserBuilder

Populates the password.

password(String) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator

Specifies the password to use.

password(String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder

The value of the password parameter.

password(String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor

Configures the password to use

password(String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor

Populates the user's password.

password(String, String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder

Specify both the password parameter name and the password.

password(Consumer<OAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder

Deprecated.

The latest OAuth 2.0 Security Best Current Practice disallows the use of the Resource Owner Password Credentials grant. See reference OAuth 2.0 Security Best Current Practice.

password(Consumer<ReactiveOAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder>) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder

Deprecated.

The latest OAuth 2.0 Security Best Current Practice disallows the use of the Resource Owner Password Credentials grant. See reference OAuth 2.0 Security Best Current Practice.

PASSWORD - Static variable in class org.springframework.security.oauth2.core.AuthorizationGrantType

Deprecated.

The latest OAuth 2.0 Security Best Current Practice disallows the use of the Resource Owner Password Credentials grant. See reference OAuth 2.0 Security Best Current Practice.

PASSWORD - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

password - used in Access Token Request.

PASSWORD_ATTRIBUTE_NAME - Static variable in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext

The name of the attribute in the context associated to the value for the resource owner's password.

PASSWORD_ENCODER - Static variable in class org.springframework.security.config.Elements

PASSWORD_EXPIRED - Enum constant in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus

PASSWORD_IN_HISTORY - Enum constant in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus

PASSWORD_MANAGEMENT - Static variable in class org.springframework.security.config.Elements

PASSWORD_MOD_NOT_ALLOWED - Enum constant in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus

PASSWORD_TOO_SHORT - Enum constant in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus

PASSWORD_TOO_YOUNG - Enum constant in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus

passwordAttribute(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.PasswordCompareConfigurer

The attribute in the directory which contains the user password.

passwordCompare() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

PasswordComparisonAuthenticator - Class in org.springframework.security.ldap.authentication

An LdapAuthenticator which compares the login password with the value stored in the directory using a remote LDAP "compare" operation.

PasswordComparisonAuthenticator(BaseLdapPathContextSource) - Constructor for class org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator

passwordEncoder(Function<String, String>) - Method in class org.springframework.security.core.userdetails.User.UserBuilder

Encodes the current password (if non-null) and any future passwords supplied to User.UserBuilder.password(String).

passwordEncoder(PasswordEncoder) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.PasswordCompareConfigurer

Allows specifying the PasswordEncoder to use.

passwordEncoder(PasswordEncoder) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

Specifies the PasswordEncoder to be used when authenticating with password comparison.

passwordEncoder(PasswordEncoder) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer

Allows specifying the PasswordEncoder to use with the DaoAuthenticationProvider.

PasswordEncoder - Interface in org.springframework.security.crypto.password

Service interface for encoding passwords.

PasswordEncoderFactories - Class in org.springframework.security.crypto.factory

Used for creating PasswordEncoder instances

PasswordEncoderParser - Class in org.springframework.security.config.authentication

Stateful parser for the <password-encoder> element.

PasswordEncoderParser(Element, ParserContext) - Constructor for class org.springframework.security.config.authentication.PasswordEncoderParser

passwordManagement() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.passwordManagement(Customizer) or passwordManagement(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

passwordManagement(Customizer<PasswordManagementConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Adds support for the password management.

passwordManagement(Customizer<ServerHttpSecurity.PasswordManagementSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures password management.

PasswordManagementConfigurer<B extends HttpSecurityBuilder<B>> - Class in org.springframework.security.config.annotation.web.configurers

Adds password management support.

PasswordManagementConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.PasswordManagementConfigurer

PasswordOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client

Deprecated.

The latest OAuth 2.0 Security Best Current Practice disallows the use of the Resource Owner Password Credentials grant. See reference OAuth 2.0 Security Best Current Practice.

PasswordOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.PasswordOAuth2AuthorizedClientProvider

Deprecated.

passwordParam(String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder

The HTTP parameter to place the password.

passwordParameter(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer

The HTTP parameter to look for the password when performing authentication.

PasswordPolicyAwareContextSource - Class in org.springframework.security.ldap.ppolicy

Extended version of the DefaultSpringSecurityContextSource which adds support for the use of PasswordPolicyControl to make use of user account data stored in the directory.

PasswordPolicyAwareContextSource(String) - Constructor for class org.springframework.security.ldap.ppolicy.PasswordPolicyAwareContextSource

PasswordPolicyControl - Class in org.springframework.security.ldap.ppolicy

A Password Policy request control.

PasswordPolicyControl() - Constructor for class org.springframework.security.ldap.ppolicy.PasswordPolicyControl

Creates a non-critical (request) control.

PasswordPolicyControl(boolean) - Constructor for class org.springframework.security.ldap.ppolicy.PasswordPolicyControl

Creates a (request) control.

PasswordPolicyControlExtractor - Class in org.springframework.security.ldap.ppolicy

Obtains the PasswordPolicyControl from a context for use by other classes.

PasswordPolicyControlFactory - Class in org.springframework.security.ldap.ppolicy

Transforms a control object to a PasswordPolicyResponseControl object, if appropriate.

PasswordPolicyControlFactory() - Constructor for class org.springframework.security.ldap.ppolicy.PasswordPolicyControlFactory

PasswordPolicyData - Interface in org.springframework.security.ldap.ppolicy

PasswordPolicyErrorStatus - Enum Class in org.springframework.security.ldap.ppolicy

Defines status codes for use with PasswordPolicyException, with error codes (for message source lookup) and default messages.

PasswordPolicyException - Exception in org.springframework.security.ldap.ppolicy

Generic exception raised by the ppolicy package.

PasswordPolicyException(PasswordPolicyErrorStatus) - Constructor for exception org.springframework.security.ldap.ppolicy.PasswordPolicyException

PasswordPolicyResponseControl - Class in org.springframework.security.ldap.ppolicy

Represents the response control received when a PasswordPolicyControl is used when binding to a directory.

PasswordPolicyResponseControl(byte[]) - Constructor for class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl

Decodes the Ber encoded control data.

PasswordReactiveOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client

Deprecated.

The latest OAuth 2.0 Security Best Current Practice disallows the use of the Resource Owner Password Credentials grant. See reference OAuth 2.0 Security Best Current Practice.

PasswordReactiveOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.PasswordReactiveOAuth2AuthorizedClientProvider

Deprecated.

pathMatchers(String...) - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry

Maps a List of PathPatternParserServerWebExchangeMatcher instances that do not care which HttpMethod is used.

pathMatchers(String...) - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers

Creates a matcher that matches on any of the provided patterns.

pathMatchers(HttpMethod) - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry

Maps a List of PathPatternParserServerWebExchangeMatcher instances.

pathMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry

Maps a List of PathPatternParserServerWebExchangeMatcher instances.

pathMatchers(HttpMethod, String...) - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers

Creates a matcher that matches on the specific method and any of the provided patterns.

pathMatchers(HttpMethod, PathPattern...) - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers

Creates a matcher that matches on the specific method and any of the provided PathPatterns.

pathMatchers(PathPattern...) - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers

Creates a matcher that matches on any of the provided PathPatterns.

PathPatternParserServerWebExchangeMatcher - Class in org.springframework.security.web.server.util.matcher

Matches if the PathPattern matches the path within the application.

PathPatternParserServerWebExchangeMatcher(String) - Constructor for class org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher

PathPatternParserServerWebExchangeMatcher(String, HttpMethod) - Constructor for class org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher

PathPatternParserServerWebExchangeMatcher(PathPattern) - Constructor for class org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher

PathPatternParserServerWebExchangeMatcher(PathPattern, HttpMethod) - Constructor for class org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher

pattern(String) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher.Builder

Creates an MvcRequestMatcher that uses the provided pattern to match

pattern(HttpMethod, String) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher.Builder

Creates an MvcRequestMatcher that uses the provided pattern and HTTP method to match

PAYLOAD - Enum constant in enum class org.springframework.security.rsocket.api.PayloadExchangeType

A Payload exchange.

PayloadExchange - Interface in org.springframework.security.rsocket.api

Contract for a Payload interaction.

PayloadExchangeAuthenticationConverter - Interface in org.springframework.security.rsocket.authentication

Converts from a PayloadExchange to an Authentication

PayloadExchangeAuthorizationContext - Class in org.springframework.security.rsocket.util.matcher

PayloadExchangeAuthorizationContext(PayloadExchange) - Constructor for class org.springframework.security.rsocket.util.matcher.PayloadExchangeAuthorizationContext

PayloadExchangeAuthorizationContext(PayloadExchange, Map<String, Object>) - Constructor for class org.springframework.security.rsocket.util.matcher.PayloadExchangeAuthorizationContext

PayloadExchangeMatcher - Interface in org.springframework.security.rsocket.util.matcher

An interface for determining if a PayloadExchangeMatcher matches.

PayloadExchangeMatcher.MatchResult - Class in org.springframework.security.rsocket.util.matcher

The result of matching

PayloadExchangeMatcherEntry<T> - Class in org.springframework.security.rsocket.util.matcher

PayloadExchangeMatcherEntry(PayloadExchangeMatcher, T) - Constructor for class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcherEntry

PayloadExchangeMatcherReactiveAuthorizationManager - Class in org.springframework.security.rsocket.authorization

Maps a @{code List} of PayloadExchangeMatcher instances to

PayloadExchangeMatcherReactiveAuthorizationManager.Builder - Class in org.springframework.security.rsocket.authorization

PayloadExchangeMatchers - Class in org.springframework.security.rsocket.util.matcher

PayloadExchangeType - Enum Class in org.springframework.security.rsocket.api

The PayloadExchange type

PayloadInterceptor - Interface in org.springframework.security.rsocket.api

Contract for interception-style, chained processing of Payloads that may be used to implement cross-cutting, application-agnostic requirements such as security, timeouts, and others.

PayloadInterceptorChain - Interface in org.springframework.security.rsocket.api

Contract to allow a PayloadInterceptor to delegate to the next in the chain.

PayloadInterceptorOrder - Enum Class in org.springframework.security.config.annotation.rsocket

The standard order for PayloadInterceptor to be sorted.

PayloadSocketAcceptorInterceptor - Class in org.springframework.security.rsocket.core

A SocketAcceptorInterceptor that applies the PayloadInterceptors

PayloadSocketAcceptorInterceptor(List<PayloadInterceptor>) - Constructor for class org.springframework.security.rsocket.core.PayloadSocketAcceptorInterceptor

Pbkdf2PasswordEncoder - Class in org.springframework.security.crypto.password

A PasswordEncoder implementation that uses PBKDF2 with : a configurable random salt value length (default is 16 bytes) a configurable number of iterations (default is 310000) a configurable key derivation function (see Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm) a configurable secret appended to the random salt (default is empty) The algorithm is invoked on the concatenated bytes of the salt, secret and password.

Pbkdf2PasswordEncoder(CharSequence, int, int, int) - Constructor for class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder

Deprecated.

Use Pbkdf2PasswordEncoder(CharSequence, int, int, SecretKeyFactoryAlgorithm) instead

Pbkdf2PasswordEncoder(CharSequence, int, int, Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm) - Constructor for class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder

Constructs a PBKDF2 password encoder with a secret value as well as salt length, iterations and algorithm.

Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm - Enum Class in org.springframework.security.crypto.password

The Algorithm used for creating the SecretKeyFactory

PBKDF2WithHmacSHA1 - Enum constant in enum class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm

PBKDF2WithHmacSHA256 - Enum constant in enum class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm

PBKDF2WithHmacSHA512 - Enum constant in enum class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm

performBuild() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Subclasses must implement this method to build the object that is being returned.

performBuild() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder

performBuild() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

performBuild() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity

Permission - Interface in org.springframework.security.acls.model

Represents a permission granted to a Sid for a given domain object.

PermissionCacheOptimizer - Interface in org.springframework.security.access

Allows permissions to be pre-cached when using pre or post filtering with expressions

PermissionEvaluator - Interface in org.springframework.security.access

Strategy used in expression evaluation to determine whether a user has a permission or permissions for a given domain object.

PermissionFactory - Interface in org.springframework.security.acls.domain

Provides a simple mechanism to retrieve Permission instances from integer masks.

PermissionGrantingStrategy - Interface in org.springframework.security.acls.model

Allow customization of the logic for determining whether a permission or permissions are granted to a particular sid or sids by an Acl.

PERMISSIONS_POLICY - Static variable in class org.springframework.security.web.server.header.PermissionsPolicyServerHttpHeadersWriter

permissionsPolicy() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HeadersConfigurer.permissionsPolicyHeader(Customizer) or permissionsPolicy(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

permissionsPolicy() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.permissionsPolicy(Customizer) instead.

permissionsPolicy(Customizer<HeadersConfigurer.PermissionsPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HeadersConfigurer.permissionsPolicyHeader(Customizer) instead

permissionsPolicy(Customizer<ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures Permissions-Policy response header.

permissionsPolicyHeader(Customizer<HeadersConfigurer.PermissionsPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Allows configuration for Permissions Policy.

PermissionsPolicyHeaderWriter - Class in org.springframework.security.web.header.writers

Provides support for Permisisons Policy.

PermissionsPolicyHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.PermissionsPolicyHeaderWriter

Create a new instance of PermissionsPolicyHeaderWriter.

PermissionsPolicyHeaderWriter(String) - Constructor for class org.springframework.security.web.header.writers.PermissionsPolicyHeaderWriter

Create a new instance of PermissionsPolicyHeaderWriter with supplied security policy.

PermissionsPolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header

Writes the Permissions-Policy response header with configured policy directives.

PermissionsPolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.PermissionsPolicyServerHttpHeadersWriter

PERMIT_ALL_ATTRIBUTE - Static variable in class org.springframework.security.access.annotation.Jsr250SecurityConfig

Deprecated.

permitAll - Variable in class org.springframework.security.access.expression.SecurityExpressionRoot

Allows "permitAll" expression

permitAll() - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations

Always grants access.

permitAll() - Method in class org.springframework.security.access.expression.SecurityExpressionRoot

permitAll() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access

permitAll() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Equivalent of invoking permitAll(true)

permitAll() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl

Specify that URLs are allowed by anyone.

permitAll() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl

Deprecated.

Specify that URLs are allowed by anyone.

permitAll() - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

A shortcut for LogoutConfigurer.permitAll(boolean) with true as an argument.

permitAll() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint

Deprecated.

Specify that Messages are allowed by anyone.

permitAll() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access

Allow access for anyone

permitAll() - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint

Specify that Messages are allowed by anyone.

permitAll() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl

Specify that URLs are allowed by anyone.

permitAll(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Ensures the urls for AbstractAuthenticationFilterConfigurer.failureUrl(String) as well as for the HttpSecurityBuilder, the AbstractAuthenticationFilterConfigurer.getLoginPage() and AbstractAuthenticationFilterConfigurer.getLoginProcessingUrl() are granted access to any user.

permitAll(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

Grants access to the LogoutConfigurer.logoutSuccessUrl(String) and the LogoutConfigurer.logoutUrl(String) for every user.

PersistentRememberMeToken - Class in org.springframework.security.web.authentication.rememberme

PersistentRememberMeToken(String, String, String, Date) - Constructor for class org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken

PersistentTokenBasedRememberMeServices - Class in org.springframework.security.web.authentication.rememberme

RememberMeServices implementation based on Barry Jaspan's Improved Persistent Login Cookie Best Practice.

PersistentTokenBasedRememberMeServices(String, UserDetailsService, PersistentTokenRepository) - Constructor for class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices

PersistentTokenRepository - Interface in org.springframework.security.web.authentication.rememberme

The abstraction used by PersistentTokenBasedRememberMeServices to store the persistent login tokens for a user.

Person - Class in org.springframework.security.ldap.userdetails

UserDetails implementation whose properties are based on the LDAP schema for Person.

Person() - Constructor for class org.springframework.security.ldap.userdetails.Person

PERSON_MAPPER_CLASS - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

Person.Essence - Class in org.springframework.security.ldap.userdetails

PersonContextMapper - Class in org.springframework.security.ldap.userdetails

PersonContextMapper() - Constructor for class org.springframework.security.ldap.userdetails.PersonContextMapper

PHONE - Static variable in class org.springframework.security.oauth2.core.oidc.OidcScopes

The phone scope requests access to the phone_number and phone_number_verified claims.

PHONE_NUMBER - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames

phone_number - the user's preferred phone number

PHONE_NUMBER_VERIFIED - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames

phone_number_verified - true if the user's phone number has been verified, otherwise false

phoneNumber(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder

Use this phone number in the resulting OidcUserInfo

phoneNumberVerified(Boolean) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder

Use this verified-phone-number indicator in the resulting OidcUserInfo

picture(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder

Use this picture in the resulting OidcUserInfo

PICTURE - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames

picture - the URL of the user's profile picture

PkceParameterNames - Class in org.springframework.security.oauth2.core.endpoint

Standard parameter names defined in the OAuth Parameters Registry and used by the authorization endpoint and token endpoint.

pkcs8() - Static method in class org.springframework.security.converter.RsaKeyConverters

Construct a Converter for converting a PEM-encoded PKCS#8 RSA Private Key into a RSAPrivateKey.

PLATFORM - Static variable in class org.springframework.security.web.webauthn.api.AuthenticatorAttachment

Indicates platform attachment.

policy(String) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.PermissionsPolicyConfig

Sets the policy to be used in the response header.

policy(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec

Sets the policy to be used in the response header.

policy(CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginEmbedderPolicyConfig

Sets the policy to be used in the Cross-Origin-Embedder-Policy header

policy(CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginOpenerPolicyConfig

Sets the policy to be used in the Cross-Origin-Opener-Policy header

policy(CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginResourcePolicyConfig

Sets the policy to be used in the Cross-Origin-Resource-Policy header

policy(ReferrerPolicyHeaderWriter.ReferrerPolicy) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ReferrerPolicyConfig

Sets the policy to be used in the response header.

policy(CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec

Sets the value to be used in the `Cross-Origin-Embedder-Policy` header

policy(CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec

Sets the value to be used in the `Cross-Origin-Opener-Policy` header

policy(CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec

Sets the value to be used in the `Cross-Origin-Resource-Policy` header

policy(ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec

Sets the policy to be used in the response header.

policyDirectives(String) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentSecurityPolicyConfig

Sets the security policy directive(s) to be used in the response header.

policyDirectives(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec

Sets the security policy directive(s) to be used in the response header.

populateContext(DirContextAdapter) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson

populateContext(DirContextAdapter) - Method in class org.springframework.security.ldap.userdetails.Person

port(int) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder

The port to connect to LDAP to (the default is 33389 or random available port if unavailable).

PORT_MAPPING - Static variable in class org.springframework.security.config.Elements

PORT_MAPPINGS - Static variable in class org.springframework.security.config.Elements

portMapper() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HttpSecurity.portMapper(Customizer) or portMapper(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

portMapper(Customizer<PortMapperConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows configuring a PortMapper that is available from AbstractConfiguredSecurityBuilder.getSharedObject(Class).

portMapper(PortMapper) - Method in class org.springframework.security.config.annotation.web.configurers.PortMapperConfigurer

Allows specifying the PortMapper instance.

portMapper(PortMapper) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec

Configures a custom HTTPS port to redirect to

PortMapper - Interface in org.springframework.security.web

PortMapper implementations provide callers with information about which HTTP ports are associated with which HTTPS ports on the system, and vice versa.

PortMapperConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Allows configuring a shared PortMapper instance used to determine the ports when redirecting between HTTP and HTTPS.

PortMapperConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.PortMapperConfigurer

Creates a new instance

PortMapperConfigurer.HttpPortMapping - Class in org.springframework.security.config.annotation.web.configurers

Allows specifying the HTTPS port for a given HTTP port when redirecting between HTTP and HTTPS.

PortMapperImpl - Class in org.springframework.security.web

Concrete implementation of PortMapper that obtains HTTP:HTTPS pairs from the application context.

PortMapperImpl() - Constructor for class org.springframework.security.web.PortMapperImpl

PortResolver - Interface in org.springframework.security.web

A PortResolver determines the port a web request was received on.

PortResolverImpl - Class in org.springframework.security.web

Concrete implementation of PortResolver that obtains the port from ServletRequest.getServerPort().

PortResolverImpl() - Constructor for class org.springframework.security.web.PortResolverImpl

POST - Enum constant in enum class org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding

POST_AUTHORIZE - Enum constant in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder

POST_FILTER - Enum constant in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder

PostFilterAuthorizationMethodInterceptor

POST_INVOCATION_ADVICE - Static variable in class org.springframework.security.config.Elements

postalCode(String) - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder

Sets the zip code or postal code.

postAuthorize() - Static method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor

Creates an interceptor for the PostAuthorize annotation

postAuthorize() - Static method in class org.springframework.security.authorization.method.AuthorizationManagerAfterReactiveMethodInterceptor

Creates an instance for the PostAuthorize annotation.

postAuthorize(AuthorizationManager<MethodInvocationResult>) - Static method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor

Creates an interceptor for the PostAuthorize annotation

postAuthorize(PostAuthorizeAuthorizationManager) - Static method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor

Creates an interceptor for the PostAuthorize annotation

postAuthorize(ReactiveAuthorizationManager<MethodInvocationResult>) - Static method in class org.springframework.security.authorization.method.AuthorizationManagerAfterReactiveMethodInterceptor

Creates an instance for the PostAuthorize annotation.

PostAuthorize - Annotation Interface in org.springframework.security.access.prepost

Annotation for specifying a method access-control expression which will be evaluated after a method has been invoked.

PostAuthorizeAuthorizationManager - Class in org.springframework.security.authorization.method

An AuthorizationManager which can determine if an Authentication may return the result from an invoked MethodInvocation by evaluating an expression from the PostAuthorize annotation.

PostAuthorizeAuthorizationManager() - Constructor for class org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager

PostAuthorizeAuthorizationMethodInterceptor() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor

PostAuthorizeReactiveAuthorizationManager - Class in org.springframework.security.authorization.method

A ReactiveAuthorizationManager which can determine if an Authentication has access to the returned object from the MethodInvocation by evaluating an expression from the PostAuthorize annotation.

PostAuthorizeReactiveAuthorizationManager() - Constructor for class org.springframework.security.authorization.method.PostAuthorizeReactiveAuthorizationManager

PostAuthorizeReactiveAuthorizationManager(MethodSecurityExpressionHandler) - Constructor for class org.springframework.security.authorization.method.PostAuthorizeReactiveAuthorizationManager

postBuildAction(Runnable) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity

Executes the Runnable immediately after the build takes place

PostFilter - Annotation Interface in org.springframework.security.access.prepost

Annotation for specifying a method filtering expression which will be evaluated after a method has been invoked.

PostFilterAuthorizationMethodInterceptor - Class in org.springframework.security.authorization.method

A MethodInterceptor which filters a returnedObject from the MethodInvocation by evaluating an expression from the PostFilter annotation.

PostFilterAuthorizationMethodInterceptor() - Constructor for class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor

Creates a PostFilterAuthorizationMethodInterceptor using the provided parameters

PostFilterAuthorizationReactiveMethodInterceptor - Class in org.springframework.security.authorization.method

A MethodInterceptor which filters the returned object from the MethodInvocation by evaluating an expression from the PostFilter annotation.

PostFilterAuthorizationReactiveMethodInterceptor() - Constructor for class org.springframework.security.authorization.method.PostFilterAuthorizationReactiveMethodInterceptor

Creates an instance.

PostFilterAuthorizationReactiveMethodInterceptor(MethodSecurityExpressionHandler) - Constructor for class org.springframework.security.authorization.method.PostFilterAuthorizationReactiveMethodInterceptor

Creates an instance.

PostInvocationAdviceProvider - Class in org.springframework.security.access.prepost

Deprecated.

Use AuthorizationManagerAfterMethodInterceptor instead

PostInvocationAdviceProvider(PostInvocationAuthorizationAdvice) - Constructor for class org.springframework.security.access.prepost.PostInvocationAdviceProvider

Deprecated.

PostInvocationAttribute - Interface in org.springframework.security.access.prepost

Deprecated.

Use AuthorizationManagerAfterMethodInterceptor instead

PostInvocationAuthorizationAdvice - Interface in org.springframework.security.access.prepost

Deprecated.

Use AuthorizationManagerAfterMethodInterceptor instead

postProcess(O) - Method in interface org.springframework.security.config.annotation.ObjectPostProcessor

Deprecated.

Initialize the object possibly returning a modified instance that should be used instead.

postProcess(O) - Method in interface org.springframework.security.config.ObjectPostProcessor

Initialize the object possibly returning a modified instance that should be used instead.

postProcess(NativeWebRequest, Callable<T>, Object) - Method in class org.springframework.security.web.context.request.async.SecurityContextCallableProcessingInterceptor

postProcess(P) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Performs post processing of an object.

postProcess(T) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter

Performs post processing of an object.

postProcessBeanDefinitionRegistry(BeanDefinitionRegistry) - Method in class org.springframework.security.config.debug.SecurityDebugBeanFactoryPostProcessor

postProcessBeanDefinitionRegistry(BeanDefinitionRegistry) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.RequestRejectedHandlerPostProcessor

postProcessBeanFactory(ConfigurableListableBeanFactory) - Method in class org.springframework.security.config.crypto.RsaKeyConversionServicePostProcessor

postProcessBeanFactory(ConfigurableListableBeanFactory) - Method in class org.springframework.security.config.debug.SecurityDebugBeanFactoryPostProcessor

postProcessBeanFactory(ConfigurableListableBeanFactory) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.RequestRejectedHandlerPostProcessor

postProcessBeanFactory(ConfigurableListableBeanFactory) - Method in class org.springframework.security.config.ldap.ContextSourceSettingPostProcessor

postProcessRequest(MockHttpServletRequest) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor

postProcessRequest(MockHttpServletRequest) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor

postProcessRequest(MockHttpServletRequest) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor

postProcessRequest(MockHttpServletRequest) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor

postProcessRequest(MockHttpServletRequest) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor

postProcessRequest(MockHttpServletRequest) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor

postProcessRequest(MockHttpServletRequest) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor

postProcessRequest(MockHttpServletRequest) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor

postReceive(Message<?>, MessageChannel) - Method in class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor

Deprecated.

postReceive(Message<?>, MessageChannel) - Method in class org.springframework.security.messaging.context.SecurityContextPropagationChannelInterceptor

postSend(Message<?>, MessageChannel, boolean) - Method in class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor

Deprecated.

PRAGMA_VALUE - Static variable in class org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter

The value for pragma value

PRE_AUTHORIZE - Enum constant in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder

PRE_FILTER - Enum constant in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder

PreFilterAuthorizationMethodInterceptor

PRE_INVOCATION_ADVICE - Static variable in class org.springframework.security.config.Elements

PreAuthenticatedAuthenticationProvider - Class in org.springframework.security.web.authentication.preauth

Processes a pre-authenticated authentication request.

PreAuthenticatedAuthenticationProvider() - Constructor for class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider

PreAuthenticatedAuthenticationToken - Class in org.springframework.security.web.authentication.preauth

Authentication implementation for pre-authenticated authentication.

PreAuthenticatedAuthenticationToken(Object, Object) - Constructor for class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken

Constructor used for an authentication request.

PreAuthenticatedAuthenticationToken(Object, Object, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken

Constructor used for an authentication response.

PreAuthenticatedCredentialsNotFoundException - Exception in org.springframework.security.web.authentication.preauth

PreAuthenticatedCredentialsNotFoundException(String) - Constructor for exception org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException

PreAuthenticatedCredentialsNotFoundException(String, Throwable) - Constructor for exception org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException

PreAuthenticatedGrantedAuthoritiesUserDetailsService - Class in org.springframework.security.web.authentication.preauth

This AuthenticationUserDetailsService implementation creates a UserDetails object based solely on the information contained in the given PreAuthenticatedAuthenticationToken.

PreAuthenticatedGrantedAuthoritiesUserDetailsService() - Constructor for class org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService

PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails - Class in org.springframework.security.web.authentication.preauth

This WebAuthenticationDetails implementation allows for storing a list of pre-authenticated Granted Authorities.

PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(HttpServletRequest, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails

preAuthorize() - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor

Creates an interceptor for the PreAuthorize annotation

preAuthorize() - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeReactiveMethodInterceptor

Creates an instance for the PreAuthorize annotation.

preAuthorize(AuthorizationManager<MethodInvocation>) - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor

Creates an interceptor for the PreAuthorize annotation

preAuthorize(PreAuthorizeAuthorizationManager) - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor

Creates an interceptor for the PreAuthorize annotation

preAuthorize(ReactiveAuthorizationManager<MethodInvocation>) - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeReactiveMethodInterceptor

Creates an instance for the PreAuthorize annotation.

PreAuthorize - Annotation Interface in org.springframework.security.access.prepost

Annotation for specifying a method access-control expression which will be evaluated to decide whether a method invocation is allowed or not.

PreAuthorizeAuthorizationManager - Class in org.springframework.security.authorization.method

An AuthorizationManager which can determine if an Authentication may invoke the MethodInvocation by evaluating an expression from the PreAuthorize annotation.

PreAuthorizeAuthorizationManager() - Constructor for class org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager

PreAuthorizeAuthorizationMethodInterceptor() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor

PreAuthorizeReactiveAuthorizationManager - Class in org.springframework.security.authorization.method

A ReactiveAuthorizationManager which can determine if an Authentication has access to the MethodInvocation by evaluating an expression from the PreAuthorize annotation.

PreAuthorizeReactiveAuthorizationManager() - Constructor for class org.springframework.security.authorization.method.PreAuthorizeReactiveAuthorizationManager

PreAuthorizeReactiveAuthorizationManager(MethodSecurityExpressionHandler) - Constructor for class org.springframework.security.authorization.method.PreAuthorizeReactiveAuthorizationManager

preCommence(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint

Template method for you to do your own pre-processing before the redirect occurs.

PREFERRED - Static variable in class org.springframework.security.web.webauthn.api.ResidentKeyRequirement

The preferred requirement indicates that the Relying Party strongly prefers creating a client-side discoverable credential, but will accept a server-side credential.

PREFERRED - Static variable in class org.springframework.security.web.webauthn.api.UserVerificationRequirement

The preferred value indicates that the Relying Party prefers user verification for the operation if possible, but will not fail the operation if the response does not have the UV flag set.

PREFERRED_USERNAME - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames

preferred_username - the preferred username that the user wishes to be referred to

preferredUsername(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder

Use this preferred username in the resulting OidcUserInfo

prefersShortLivedTasks() - Method in class org.springframework.security.scheduling.DelegatingSecurityContextSchedulingTaskExecutor

PreFilter - Annotation Interface in org.springframework.security.access.prepost

Annotation for specifying a method filtering expression which will be evaluated before a method has been invoked.

PreFilterAuthorizationMethodInterceptor - Class in org.springframework.security.authorization.method

A MethodInterceptor which filters a method argument by evaluating an expression from the PreFilter annotation.

PreFilterAuthorizationMethodInterceptor() - Constructor for class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor

Creates a PreFilterAuthorizationMethodInterceptor using the provided parameters

PreFilterAuthorizationReactiveMethodInterceptor - Class in org.springframework.security.authorization.method

A MethodInterceptor which filters a reactive method argument by evaluating an expression from the PreFilter annotation.

PreFilterAuthorizationReactiveMethodInterceptor() - Constructor for class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor

PreFilterAuthorizationReactiveMethodInterceptor(MethodSecurityExpressionHandler) - Constructor for class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor

Creates an instance.

PreInvocationAttribute - Interface in org.springframework.security.access.prepost

Deprecated.

Use AuthorizationManagerBeforeMethodInterceptor instead

preInvocationAuthorizationAdvice() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

Deprecated.

Creates the PreInvocationAuthorizationAdvice to be used.

PreInvocationAuthorizationAdvice - Interface in org.springframework.security.access.prepost

Deprecated.

Use AuthorizationManagerBeforeMethodInterceptor instead

PreInvocationAuthorizationAdviceVoter - Class in org.springframework.security.access.prepost

Deprecated.

Use AuthorizationManagerBeforeMethodInterceptor instead

PreInvocationAuthorizationAdviceVoter(PreInvocationAuthorizationAdvice) - Constructor for class org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter

Deprecated.

preload(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig

If true, preload will be included in HSTS Header.

preload(boolean) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec

Configures if preload should be included.

prepareTestInstance(TestContext) - Method in class org.springframework.security.test.context.support.ReactorContextTestExecutionListener

PrePostAdviceReactiveMethodInterceptor - Class in org.springframework.security.access.prepost

Deprecated.

Use AuthorizationManagerBeforeReactiveMethodInterceptor or AuthorizationManagerAfterReactiveMethodInterceptor

PrePostAdviceReactiveMethodInterceptor(MethodSecurityMetadataSource, PreInvocationAuthorizationAdvice, PostInvocationAuthorizationAdvice) - Constructor for class org.springframework.security.access.prepost.PrePostAdviceReactiveMethodInterceptor

Deprecated.

Creates a new instance

PrePostAnnotationSecurityMetadataSource - Class in org.springframework.security.access.prepost

Deprecated.

Use PreAuthorizeAuthorizationManager and PostAuthorizeAuthorizationManager instead

PrePostAnnotationSecurityMetadataSource(PrePostInvocationAttributeFactory) - Constructor for class org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource

Deprecated.

PrePostAuthorizeExpressionBeanHintsRegistrar - Class in org.springframework.security.aot.hint

A SecurityHintsRegistrar that scans all provided classes for methods that use PreAuthorize or PostAuthorize and registers hints for the beans used within the security expressions.

PrePostAuthorizeExpressionBeanHintsRegistrar(Class<?>...) - Constructor for class org.springframework.security.aot.hint.PrePostAuthorizeExpressionBeanHintsRegistrar

PrePostAuthorizeExpressionBeanHintsRegistrar(List<Class<?>>) - Constructor for class org.springframework.security.aot.hint.PrePostAuthorizeExpressionBeanHintsRegistrar

PrePostAuthorizeHintsRegistrar - Class in org.springframework.security.aot.hint

A SecurityHintsRegistrar that scans all beans for methods that use PreAuthorize or PostAuthorize and registers appropriate hints for the annotations.

PrePostAuthorizeHintsRegistrar() - Constructor for class org.springframework.security.aot.hint.PrePostAuthorizeHintsRegistrar

prePostEnabled() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity

Deprecated.

Determines if Spring Security's pre post annotations should be enabled.

prePostEnabled() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity

Determines if Spring Security's PreAuthorize, PostAuthorize, PreFilter, and PostFilter annotations should be enabled.

PrePostInvocationAttributeFactory - Interface in org.springframework.security.access.prepost

Deprecated.

Use delegation with AuthorizationManager

PrePostTemplateDefaults - Class in org.springframework.security.authorization.method

Deprecated.

Please use AnnotationTemplateExpressionDefaults instead

PrePostTemplateDefaults() - Constructor for class org.springframework.security.authorization.method.PrePostTemplateDefaults

Deprecated.

preProcess(NativeWebRequest, Callable<T>) - Method in class org.springframework.security.web.context.request.async.SecurityContextCallableProcessingInterceptor

preReceive(MessageChannel) - Method in class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor

Deprecated.

preSend(Message<?>, MessageChannel) - Method in class org.springframework.security.messaging.access.intercept.AuthorizationChannelInterceptor

preSend(Message<?>, MessageChannel) - Method in class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor

Deprecated.

preSend(Message<?>, MessageChannel) - Method in class org.springframework.security.messaging.context.SecurityContextChannelInterceptor

preSend(Message<?>, MessageChannel) - Method in class org.springframework.security.messaging.context.SecurityContextPropagationChannelInterceptor

preSend(Message<?>, MessageChannel) - Method in class org.springframework.security.messaging.web.csrf.CsrfChannelInterceptor

preSend(Message<?>, MessageChannel) - Method in class org.springframework.security.messaging.web.csrf.XorCsrfChannelInterceptor

PreventLoginServerMaximumSessionsExceededHandler - Class in org.springframework.security.web.server.authentication

Returns a Mono that terminates with SessionAuthenticationException when the maximum number of sessions for a user has been reached.

PreventLoginServerMaximumSessionsExceededHandler() - Constructor for class org.springframework.security.web.server.authentication.PreventLoginServerMaximumSessionsExceededHandler

principal(Object) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer

Sets the principal for Authentication objects of anonymous users

principal(Object) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec

Sets the principal for Authentication objects of anonymous users

principal(String) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest.Builder

Sets the name of the Principal (to be) associated to the authorized client.

principal(String) - Static method in class org.springframework.security.oauth2.client.web.client.RequestAttributePrincipalResolver

Modifies the attributes to include the principal to be used to look up the OAuth2AuthorizedClient.

principal(Authentication) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext.Builder

Sets the Principal (to be) associated to the authorized client.

principal(Authentication) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest.Builder

Sets the Principal (to be) associated to the authorized client.

principal(Authentication) - Static method in class org.springframework.security.oauth2.client.web.client.RequestAttributePrincipalResolver

Modifies the attributes to include the principal to be used to look up the OAuth2AuthorizedClient.

principal(OAuth2AuthenticatedPrincipal) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator

Use the provided principal

principal(OAuth2AuthenticatedPrincipal) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor

Use the provided principal

principalChanged(HttpServletRequest, Authentication) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter

Determines if the current principal has changed.

principalExtractor(X509PrincipalExtractor) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec

principalName(String) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator

Use this as the resource owner's principal name

principalName(String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor

Use this as the resource owner's principal name

PrincipalSid - Class in org.springframework.security.acls.domain

Represents an Authentication.getPrincipal() as a Sid.

PrincipalSid(String) - Constructor for class org.springframework.security.acls.domain.PrincipalSid

PrincipalSid(Authentication) - Constructor for class org.springframework.security.acls.domain.PrincipalSid

printBinary(int) - Static method in class org.springframework.security.acls.domain.AclFormattingUtils

Returns a representation of the active bits in the presented mask, with each active bit being denoted by character '*'.

printBinary(int, char) - Static method in class org.springframework.security.acls.domain.AclFormattingUtils

Returns a representation of the active bits in the presented mask, with each active bit being denoted by the passed character.

PRIVATE_KEY_JWT - Static variable in class org.springframework.security.oauth2.core.ClientAuthenticationMethod

privilegeEvaluator() - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration

Creates the WebInvocationPrivilegeEvaluator that is necessary to evaluate privileges for a given web URI

privilegeEvaluator(WebInvocationPrivilegeEvaluator) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity

Set the WebInvocationPrivilegeEvaluator to be used.

proceed() - Method in class org.springframework.security.access.intercept.aspectj.MethodInvocationAdapter

Deprecated.

proceed() - Method in class org.springframework.security.util.SimpleMethodInvocation

proceedWithObject() - Method in interface org.springframework.security.access.intercept.aspectj.AspectJCallback

Deprecated.

processAction(HttpServletRequest, String) - Method in class org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor

processAction(HttpServletRequest, String, String) - Method in class org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor

processAction(ServerWebExchange, String, String) - Method in class org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor

processAutoLoginCookie(String[], HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

Called from autoLogin to process the submitted persistent login cookie.

processAutoLoginCookie(String[], HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices

Locates the presented cookie data in the token repository, using the series id.

processAutoLoginCookie(String[], HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices

processConfigAttribute - Variable in class org.springframework.security.acls.afterinvocation.AbstractAclProvider

processDomainObjectClass - Variable in class org.springframework.security.acls.afterinvocation.AbstractAclProvider

processFormFieldValue(HttpServletRequest, String, String, String) - Method in class org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor

processFormFieldValue(ServerWebExchange, String, String, String) - Method in class org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor

processUrl(HttpServletRequest, String) - Method in class org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor

processUrl(ServerWebExchange, String) - Method in class org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor

profile(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder

Use this profile in the resulting OidcUserInfo

PROFILE - Static variable in class org.springframework.security.oauth2.core.oidc.OidcScopes

The profile scope requests access to the default profile claims, which are: name, family_name, given_name, middle_name, nickname, preferred_username, profile, picture, website, gender, birthdate, zoneinfo, locale, updated_at.

PROFILE - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames

profile - the URL of the user's profile page

PROTECT - Static variable in class org.springframework.security.config.Elements

PROTECT_POINTCUT - Static variable in class org.springframework.security.config.Elements

provider(OAuth2AuthorizedClientProvider) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder

Configures an OAuth2AuthorizedClientProvider to be composed with the DelegatingOAuth2AuthorizedClientProvider.

provider(ReactiveOAuth2AuthorizedClientProvider) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder

Configures a ReactiveOAuth2AuthorizedClientProvider to be composed with the DelegatingReactiveOAuth2AuthorizedClientProvider.

providerConfigurationMetadata(Map<String, Object>) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder

Sets the metadata describing the provider's configuration.

ProviderManager - Class in org.springframework.security.authentication

Iterates an Authentication request through a list of AuthenticationProviders.

ProviderManager(List<AuthenticationProvider>) - Constructor for class org.springframework.security.authentication.ProviderManager

Construct a ProviderManager using the given AuthenticationProviders

ProviderManager(List<AuthenticationProvider>, AuthenticationManager) - Constructor for class org.springframework.security.authentication.ProviderManager

Construct a ProviderManager using the provided parameters

ProviderManager(AuthenticationProvider...) - Constructor for class org.springframework.security.authentication.ProviderManager

Construct a ProviderManager using the given AuthenticationProviders

ProviderManagerBuilder<B extends ProviderManagerBuilder<B>> - Interface in org.springframework.security.config.annotation.authentication

Interface for operating on a SecurityBuilder that creates a ProviderManager

ProviderNotFoundException - Exception in org.springframework.security.authentication

Thrown by ProviderManager if no AuthenticationProvider could be found that supports the presented Authentication object.

ProviderNotFoundException(String) - Constructor for exception org.springframework.security.authentication.ProviderNotFoundException

Constructs a ProviderNotFoundException with the specified message.

proxy(Object) - Method in interface org.springframework.security.authorization.AuthorizationProxyFactory

Wrap the given object in authorization-related advice.

proxy(Object) - Method in class org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory

Proxy an object to enforce authorization advice.

proxyTargetClass() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity

Deprecated.

Indicate whether subclass-based (CGLIB) proxies are to be created (true) as opposed to standard Java interface-based proxies (false).

proxyTargetClass() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity

Indicate whether subclass-based (CGLIB) proxies are to be created as opposed to standard Java interface-based proxies.

proxyTargetClass() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity

Indicate whether subclass-based (CGLIB) proxies are to be created as opposed to standard Java interface-based proxies.

PS256 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm

RSASSA-PSS using SHA-256 and MGF1 with SHA-256 (Optional)

PS256 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms

RSASSA-PSS using SHA-256 and MGF1 with SHA-256 (Optional)

PS384 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm

RSASSA-PSS using SHA-384 and MGF1 with SHA-384 (Optional)

PS384 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms

RSASSA-PSS using SHA-384 and MGF1 with SHA-384 (Optional)

PS512 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm

RSASSA-PSS using SHA-512 and MGF1 with SHA-512 (Optional)

PS512 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms

RSASSA-PSS using SHA-512 and MGF1 with SHA-512 (Optional)

pubKeyCredParams(List<PublicKeyCredentialParameters>) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder

Sets the PublicKeyCredentialCreationOptions.getPubKeyCredParams() property.

pubKeyCredParams(PublicKeyCredentialParameters...) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder

Sets the PublicKeyCredentialCreationOptions.getPubKeyCredParams() property.

PUBLIC_KEY - Static variable in class org.springframework.security.web.webauthn.api.PublicKeyCredentialType

The only credential type that currently exists.

PublicInvocationEvent - Class in org.springframework.security.access.event

Deprecated.

Only used by now-deprecated classes. Consider EventObject.getSource() to deduce public invocations.

PublicInvocationEvent(Object) - Constructor for class org.springframework.security.access.event.PublicInvocationEvent

Deprecated.

Construct the event, passing in the public secure object.

publicKey(RSAPublicKey) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec

Configures a ReactiveJwtDecoder that leverages the provided RSAPublicKey

publicKey(PublicKeyCose) - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord.ImmutableCredentialRecordBuilder

PublicKeyCose - Interface in org.springframework.security.web.webauthn.api

A COSE encoded public key.

PublicKeyCredential<R extends AuthenticatorResponse> - Class in org.springframework.security.web.webauthn.api

PublicKeyCredential contains the attributes that are returned to the caller when a new credential is created, or a new assertion is requested.

PublicKeyCredential.PublicKeyCredentialBuilder<R extends AuthenticatorResponse> - Class in org.springframework.security.web.webauthn.api

The PublicKeyCredential.PublicKeyCredentialBuilder

PublicKeyCredentialCreationOptions - Class in org.springframework.security.web.webauthn.api

Represents the PublicKeyCredentialCreationOptions which is an argument to creating a new credential.

PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder - Class in org.springframework.security.web.webauthn.api

Used to build PublicKeyCredentialCreationOptions.

PublicKeyCredentialCreationOptionsFilter - Class in org.springframework.security.web.webauthn.registration

A Filter that renders the PublicKeyCredentialCreationOptions for creating a new credential.

PublicKeyCredentialCreationOptionsFilter(WebAuthnRelyingPartyOperations) - Constructor for class org.springframework.security.web.webauthn.registration.PublicKeyCredentialCreationOptionsFilter

Creates a new instance.

PublicKeyCredentialCreationOptionsRepository - Interface in org.springframework.security.web.webauthn.registration

Saves PublicKeyCredentialCreationOptions between a request to generate an assertion and the validation of the assertion.

PublicKeyCredentialCreationOptionsRequest - Interface in org.springframework.security.web.webauthn.management

A request to create a new PublicKeyCredentialCreationOptions.

PublicKeyCredentialDescriptor - Class in org.springframework.security.web.webauthn.api

PublicKeyCredentialDescriptor identifies a specific public key credential.

PublicKeyCredentialDescriptor.PublicKeyCredentialDescriptorBuilder - Class in org.springframework.security.web.webauthn.api

Used to create PublicKeyCredentialDescriptor

PublicKeyCredentialParameters - Class in org.springframework.security.web.webauthn.api

The PublicKeyCredentialParameters is used to supply additional parameters when creating a new credential.

PublicKeyCredentialRequestOptions - Class in org.springframework.security.web.webauthn.api

PublicKeyCredentialRequestOptions contains the information to create an assertion used for authentication.

PublicKeyCredentialRequestOptions.PublicKeyCredentialRequestOptionsBuilder - Class in org.springframework.security.web.webauthn.api

Used to build a PublicKeyCredentialCreationOptions.

PublicKeyCredentialRequestOptionsFilter - Class in org.springframework.security.web.webauthn.authentication

A Filter that renders the PublicKeyCredentialRequestOptions in order to get a credential.

PublicKeyCredentialRequestOptionsFilter(WebAuthnRelyingPartyOperations) - Constructor for class org.springframework.security.web.webauthn.authentication.PublicKeyCredentialRequestOptionsFilter

Creates a new instance with the provided WebAuthnRelyingPartyOperations.

PublicKeyCredentialRequestOptionsRepository - Interface in org.springframework.security.web.webauthn.authentication

Saves PublicKeyCredentialRequestOptions between a request to generate an assertion and the validation of the assertion.

PublicKeyCredentialRequestOptionsRequest - Interface in org.springframework.security.web.webauthn.management

PublicKeyCredentialRpEntity - Class in org.springframework.security.web.webauthn.api

The PublicKeyCredentialRpEntity dictionary is used to supply additional Relying Party attributes when creating a new credential.

PublicKeyCredentialRpEntity.PublicKeyCredentialRpEntityBuilder - Class in org.springframework.security.web.webauthn.api

Used to create a PublicKeyCredentialRpEntity.

PublicKeyCredentialType - Class in org.springframework.security.web.webauthn.api

The PublicKeyCredentialType defines the credential types.

PublicKeyCredentialUserEntity - Interface in org.springframework.security.web.webauthn.api

PublicKeyCredentialUserEntity is used to supply additional user account attributes when creating a new credential.

PublicKeyCredentialUserEntityRepository - Interface in org.springframework.security.web.webauthn.management

A repository for managing PublicKeyCredentialUserEntity instances.

publishAuthenticationFailure(AuthenticationException, Authentication) - Method in interface org.springframework.security.authentication.AuthenticationEventPublisher

publishAuthenticationFailure(AuthenticationException, Authentication) - Method in class org.springframework.security.authentication.DefaultAuthenticationEventPublisher

publishAuthenticationSuccess(Authentication) - Method in interface org.springframework.security.authentication.AuthenticationEventPublisher

publishAuthenticationSuccess(Authentication) - Method in class org.springframework.security.authentication.DefaultAuthenticationEventPublisher

publishAuthorizationEvent(Supplier<Authentication>, T, AuthorizationDecision) - Method in interface org.springframework.security.authorization.AuthorizationEventPublisher

Deprecated.

use AuthorizationEventPublisher.publishAuthorizationEvent(Supplier, Object, AuthorizationResult) instead

publishAuthorizationEvent(Supplier<Authentication>, T, AuthorizationDecision) - Method in class org.springframework.security.authorization.SpringAuthorizationEventPublisher

Publish the given details in the form of an event, typically AuthorizationGrantedEvent or AuthorizationDeniedEvent.

publishAuthorizationEvent(Supplier<Authentication>, T, AuthorizationResult) - Method in interface org.springframework.security.authorization.AuthorizationEventPublisher

Publish the given details in the form of an event, typically AuthorizationGrantedEvent or AuthorizationDeniedEvent.

publishAuthorizationEvent(Supplier<Authentication>, T, AuthorizationResult) - Method in class org.springframework.security.authorization.SpringAuthorizationEventPublisher

publishEvent(Object) - Method in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy.NullEventPublisher

publishEvent(ApplicationEvent) - Method in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy.NullEventPublisher

publishFailureEvent(UsernamePasswordAuthenticationToken, AuthenticationException) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider

Publishes the JaasAuthenticationFailedEvent.

publishFailureEvent(UsernamePasswordAuthenticationToken, AuthenticationException) - Method in class org.springframework.security.authentication.jaas.JaasAuthenticationProvider

Publishes the JaasAuthenticationFailedEvent.

publishSuccessEvent(UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider

Publishes the JaasAuthenticationSuccessEvent.

putInCache(MutableAcl) - Method in class org.springframework.security.acls.domain.SpringCacheBasedAclCache

putInCache(MutableAcl) - Method in interface org.springframework.security.acls.model.AclCache

putTicketInCache(CasAuthenticationToken) - Method in class org.springframework.security.cas.authentication.NullStatelessTicketCache

This is a no-op since we are not storing tickets.

putTicketInCache(CasAuthenticationToken) - Method in class org.springframework.security.cas.authentication.SpringCacheBasedTicketCache

putTicketInCache(CasAuthenticationToken) - Method in interface org.springframework.security.cas.authentication.StatelessTicketCache

Adds the specified CasAuthenticationToken to the cache.

putUserInCache(UserDetails) - Method in class org.springframework.security.core.userdetails.cache.NullUserCache

putUserInCache(UserDetails) - Method in class org.springframework.security.core.userdetails.cache.SpringCacheBasedUserCache

putUserInCache(UserDetails) - Method in interface org.springframework.security.core.userdetails.UserCache

Places a UserDetails in the cache.

Q

QUERY - Static variable in class org.springframework.security.oauth2.core.AuthenticationMethod

R

R2dbcReactiveOAuth2AuthorizedClientService - Class in org.springframework.security.oauth2.client

A R2DBC implementation of ReactiveOAuth2AuthorizedClientService that uses a DatabaseClient for OAuth2AuthorizedClient persistence.

R2dbcReactiveOAuth2AuthorizedClientService(DatabaseClient, ReactiveClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService

Constructs a R2dbcReactiveOAuth2AuthorizedClientService using the provided parameters.

R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder - Class in org.springframework.security.oauth2.client

A holder for OAuth2AuthorizedClient data and End-User Authentication (Resource Owner).

R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper - Class in org.springframework.security.oauth2.client

The default Function that maps R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder to a Map of String and Parameter.

R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper - Class in org.springframework.security.oauth2.client

The default BiFunction that maps the current io.r2dbc.spi.Row to a R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder.

random() - Static method in class org.springframework.security.web.webauthn.api.Bytes

Creates a secure random Bytes with random bytes and sufficient entropy.

rawId(Bytes) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredential.PublicKeyCredentialBuilder

Sets the PublicKeyCredential.getRawId() property.

ReactiveAuthenticationManager - Interface in org.springframework.security.authentication

Determines if the provided Authentication can be authenticated.

ReactiveAuthenticationManagerAdapter - Class in org.springframework.security.authentication

Adapts an AuthenticationManager to the reactive APIs.

ReactiveAuthenticationManagerAdapter(AuthenticationManager) - Constructor for class org.springframework.security.authentication.ReactiveAuthenticationManagerAdapter

ReactiveAuthenticationManagerResolver<C> - Interface in org.springframework.security.authentication

An interface for resolving a ReactiveAuthenticationManager based on the provided context

ReactiveAuthorizationManager<T> - Interface in org.springframework.security.authorization

A reactive authorization manager which can determine if an Authentication has access to a specific object.

ReactiveClientRegistrationRepository - Interface in org.springframework.security.oauth2.client.registration

A reactive repository for OAuth 2.0 / OpenID Connect 1.0 ClientRegistration(s).

ReactiveCompromisedPasswordChecker - Interface in org.springframework.security.authentication.password

A Reactive API for checking if a password has been compromised.

ReactiveJwtAuthenticationConverter - Class in org.springframework.security.oauth2.server.resource.authentication

Reactive version of JwtAuthenticationConverter for converting a Jwt to a Mono<AbstractAuthenticationToken>.

ReactiveJwtAuthenticationConverter() - Constructor for class org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverter

ReactiveJwtAuthenticationConverterAdapter - Class in org.springframework.security.oauth2.server.resource.authentication

A reactive Converter for adapting a non-blocking imperative Converter

ReactiveJwtAuthenticationConverterAdapter(Converter<Jwt, AbstractAuthenticationToken>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverterAdapter

ReactiveJwtDecoder - Interface in org.springframework.security.oauth2.jwt

Implementations of this interface are responsible for "decoding" a JSON Web Token (JWT) from it's compact claims representation format to a Jwt.

ReactiveJwtDecoderFactory<C> - Interface in org.springframework.security.oauth2.jwt

A factory for ReactiveJwtDecoder(s).

ReactiveJwtDecoders - Class in org.springframework.security.oauth2.jwt

Allows creating a ReactiveJwtDecoder from an OpenID Provider Configuration or Authorization Server Metadata Request based on provided issuer and method invoked.

ReactiveJwtGrantedAuthoritiesConverterAdapter - Class in org.springframework.security.oauth2.server.resource.authentication

Adapts a Converter<Jwt, Collection<GrantedAuthority>> to a Converter<Jwt, Flux<GrantedAuthority>>.

ReactiveJwtGrantedAuthoritiesConverterAdapter(Converter<Jwt, Collection<GrantedAuthority>>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtGrantedAuthoritiesConverterAdapter

ReactiveOAuth2AccessTokenResponseClient<T extends AbstractOAuth2AuthorizationGrantRequest> - Interface in org.springframework.security.oauth2.client.endpoint

A reactive strategy for "exchanging" an authorization grant credential (e.g.

ReactiveOAuth2AuthorizationFailureHandler - Interface in org.springframework.security.oauth2.client

Handles when an OAuth 2.0 Client fails to authorize (or re-authorize) via the authorization server or resource server.

ReactiveOAuth2AuthorizationSuccessHandler - Interface in org.springframework.security.oauth2.client

Handles when an OAuth 2.0 Client has been successfully authorized (or re-authorized) via the authorization server.

ReactiveOAuth2AuthorizedClientManager - Interface in org.springframework.security.oauth2.client

Implementations of this interface are responsible for the overall management of Authorized Client(s).

ReactiveOAuth2AuthorizedClientProvider - Interface in org.springframework.security.oauth2.client

A strategy for authorizing (or re-authorizing) an OAuth 2.0 Client.

ReactiveOAuth2AuthorizedClientProviderBuilder - Class in org.springframework.security.oauth2.client

A builder that builds a DelegatingReactiveOAuth2AuthorizedClientProvider composed of one or more ReactiveOAuth2AuthorizedClientProvider(s) that implement specific authorization grants.

ReactiveOAuth2AuthorizedClientProviderBuilder.AuthorizationCodeGrantBuilder - Class in org.springframework.security.oauth2.client

A builder for the authorization_code grant.

ReactiveOAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder - Class in org.springframework.security.oauth2.client

A builder for the client_credentials grant.

ReactiveOAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder - Class in org.springframework.security.oauth2.client

A builder for the password grant.

ReactiveOAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder - Class in org.springframework.security.oauth2.client

A builder for the refresh_token grant.

ReactiveOAuth2AuthorizedClientService - Interface in org.springframework.security.oauth2.client

Implementations of this interface are responsible for the management of Authorized Client(s), which provide the purpose of associating an Access Token credential to a Client and Resource Owner, who is the Principal that originally granted the authorization.

ReactiveOAuth2UserService<R extends OAuth2UserRequest,U extends OAuth2User> - Interface in org.springframework.security.oauth2.client.userinfo

Implementations of this interface are responsible for obtaining the user attributes of the End-User (Resource Owner) from the UserInfo Endpoint using the Access Token granted to the Client and returning an AuthenticatedPrincipal in the form of an OAuth2User.

ReactiveOidcIdTokenDecoderFactory - Class in org.springframework.security.oauth2.client.oidc.authentication

A factory that provides a ReactiveJwtDecoder used for OidcIdToken signature verification.

ReactiveOidcIdTokenDecoderFactory() - Constructor for class org.springframework.security.oauth2.client.oidc.authentication.ReactiveOidcIdTokenDecoderFactory

ReactiveOidcSessionRegistry - Interface in org.springframework.security.oauth2.client.oidc.server.session

A registry to record the tie between the OIDC Provider session and the Client session.

ReactiveOneTimeTokenService - Interface in org.springframework.security.authentication.ott.reactive

Reactive interface for generating and consuming one-time tokens.

ReactiveOpaqueTokenAuthenticationConverter - Interface in org.springframework.security.oauth2.server.resource.introspection

Convert a successful introspection result into an authentication result.

ReactiveOpaqueTokenIntrospector - Interface in org.springframework.security.oauth2.server.resource.introspection

A contract for introspecting and verifying an OAuth 2.0 token.

ReactivePreAuthenticatedAuthenticationManager - Class in org.springframework.security.web.server.authentication

Reactive version of PreAuthenticatedAuthenticationProvider This manager receives a PreAuthenticatedAuthenticationToken, checks that associated account is not disabled, expired, or blocked, and returns new authenticated PreAuthenticatedAuthenticationToken.

ReactivePreAuthenticatedAuthenticationManager(ReactiveUserDetailsService) - Constructor for class org.springframework.security.web.server.authentication.ReactivePreAuthenticatedAuthenticationManager

ReactivePreAuthenticatedAuthenticationManager(ReactiveUserDetailsService, UserDetailsChecker) - Constructor for class org.springframework.security.web.server.authentication.ReactivePreAuthenticatedAuthenticationManager

ReactiveSecurityContextHolder - Class in org.springframework.security.core.context

Allows getting and setting the Spring SecurityContext into a Context.

ReactiveSessionInformation - Class in org.springframework.security.core.session

ReactiveSessionInformation(Object, String, Instant) - Constructor for class org.springframework.security.core.session.ReactiveSessionInformation

ReactiveSessionRegistry - Interface in org.springframework.security.core.session

Maintains a registry of ReactiveSessionInformation instances.

ReactiveUserDetailsPasswordService - Interface in org.springframework.security.core.userdetails

An API for changing a UserDetails password.

ReactiveUserDetailsService - Interface in org.springframework.security.core.userdetails

An API for finding the UserDetails by username.

ReactiveUserDetailsServiceResourceFactoryBean - Class in org.springframework.security.config.core.userdetails

Constructs an MapReactiveUserDetailsService from a resource using UserDetailsResourceFactoryBean.

ReactiveUserDetailsServiceResourceFactoryBean() - Constructor for class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean

REACTOR_CONTEXT - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder

ReactorContextWebFilter

ReactorContextTestExecutionListener - Class in org.springframework.security.test.context.support

Sets up the Reactor Context with the Authentication from the TestSecurityContextHolder and then clears the Reactor Context at the end of the tests.

ReactorContextTestExecutionListener() - Constructor for class org.springframework.security.test.context.support.ReactorContextTestExecutionListener

ReactorContextWebFilter - Class in org.springframework.security.web.server.context

Uses a ServerSecurityContextRepository to provide the SecurityContext to initialize the ReactiveSecurityContextHolder.

ReactorContextWebFilter(ServerSecurityContextRepository) - Constructor for class org.springframework.security.web.server.context.ReactorContextWebFilter

read - Variable in class org.springframework.security.access.expression.SecurityExpressionRoot

read(Class<? extends RelyingPartyRegistration.Builder>, HttpInputMessage) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter

READ - Static variable in class org.springframework.security.acls.domain.BasePermission

readAclById(ObjectIdentity) - Method in class org.springframework.security.acls.jdbc.JdbcAclService

readAclById(ObjectIdentity) - Method in interface org.springframework.security.acls.model.AclService

Same as AclService.readAclsById(List) except it returns only a single Acl.

readAclById(ObjectIdentity, List<Sid>) - Method in class org.springframework.security.acls.jdbc.JdbcAclService

readAclById(ObjectIdentity, List<Sid>) - Method in interface org.springframework.security.acls.model.AclService

Same as AclService.readAclsById(List, List) except it returns only a single Acl.

readAclsById(List<ObjectIdentity>) - Method in class org.springframework.security.acls.jdbc.JdbcAclService

readAclsById(List<ObjectIdentity>) - Method in interface org.springframework.security.acls.model.AclService

Obtains all the Acls that apply for the passed Objects.

readAclsById(List<ObjectIdentity>, List<Sid>) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy

The main method.

readAclsById(List<ObjectIdentity>, List<Sid>) - Method in class org.springframework.security.acls.jdbc.JdbcAclService

readAclsById(List<ObjectIdentity>, List<Sid>) - Method in interface org.springframework.security.acls.jdbc.LookupStrategy

Perform database-specific optimized lookup.

readAclsById(List<ObjectIdentity>, List<Sid>) - Method in interface org.springframework.security.acls.model.AclService

Obtains all the Acls that apply for the passed Objects, but only for the security identifies passed.

readInternal(Class<? extends OAuth2AccessTokenResponse>, HttpInputMessage) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter

readInternal(Class<? extends OAuth2DeviceAuthorizationResponse>, HttpInputMessage) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2DeviceAuthorizationResponseHttpMessageConverter

readInternal(Class<? extends OAuth2Error>, HttpInputMessage) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter

realm(String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor

Configures the realm to use

realmName(String) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer

Allows easily changing the realm, but leaving the remaining defaults in place.

REDIRECT - Enum constant in enum class org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding

REDIRECT_URI - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

redirect_uri - used in Authorization Request and Access Token Request.

redirectionEndpoint() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use OAuth2LoginConfigurer.redirectionEndpoint(Customizer) instead

redirectionEndpoint(Customizer<OAuth2LoginConfigurer.RedirectionEndpointConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

Configures the Client's Redirection Endpoint.

RedirectOneTimeTokenGenerationSuccessHandler - Class in org.springframework.security.web.authentication.ott

A OneTimeTokenGenerationSuccessHandler that performs a redirect to a specific location

RedirectOneTimeTokenGenerationSuccessHandler(String) - Constructor for class org.springframework.security.web.authentication.ott.RedirectOneTimeTokenGenerationSuccessHandler

Constructs an instance of this class that redirects to the specified URL.

RedirectServerAuthenticationEntryPoint - Class in org.springframework.security.web.server.authentication

Performs a redirect to a specified location.

RedirectServerAuthenticationEntryPoint(String) - Constructor for class org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint

Creates an instance

RedirectServerAuthenticationFailureHandler - Class in org.springframework.security.web.server.authentication

Performs a redirect to a specified location.

RedirectServerAuthenticationFailureHandler(String) - Constructor for class org.springframework.security.web.server.authentication.RedirectServerAuthenticationFailureHandler

Creates an instance

RedirectServerAuthenticationSuccessHandler - Class in org.springframework.security.web.server.authentication

Performs a redirect on authentication success.

RedirectServerAuthenticationSuccessHandler() - Constructor for class org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler

Creates a new instance with location of "/"

RedirectServerAuthenticationSuccessHandler(String) - Constructor for class org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler

Creates a new instance with the specified location

RedirectServerLogoutSuccessHandler - Class in org.springframework.security.web.server.authentication.logout

Performs a redirect on log out success.

RedirectServerLogoutSuccessHandler() - Constructor for class org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler

redirectStrategy(RedirectStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry

Sets the RedirectStrategy instances to use in RetryWithHttpEntryPoint and RetryWithHttpsEntryPoint

RedirectStrategy - Interface in org.springframework.security.web

Encapsulates the redirection logic for all classes in the framework which perform redirects.

redirectToHttps() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.redirectToHttps(Customizer) or redirectToHttps(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

redirectToHttps(Customizer<ServerHttpSecurity.HttpsRedirectSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures HTTPS redirection rules.

redirectUri(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder

Sets the uri (or uri template) for the redirection endpoint.

redirectUri(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder

Sets the uri for the redirection endpoint.

redirectUri(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse.Builder

Sets the uri where the response was redirected to.

RedirectUrlBuilder - Class in org.springframework.security.web.util

Internal class for building redirect URLs.

RedirectUrlBuilder() - Constructor for class org.springframework.security.web.util.RedirectUrlBuilder

REFERRER_POLICY - Static variable in class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter

referrerPolicy() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HeadersConfigurer.referrerPolicy(Customizer) or referrerPolicy(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

referrerPolicy() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.referrerPolicy(Customizer) instead.

referrerPolicy(Customizer<HeadersConfigurer.ReferrerPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Allows configuration for Referrer Policy.

referrerPolicy(Customizer<ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures Referrer-Policy response header.

referrerPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HeadersConfigurer.referrerPolicy(Customizer) or referrerPolicy(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

referrerPolicy(ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.referrerPolicy(Customizer) instead.

ReferrerPolicyHeaderWriter - Class in org.springframework.security.web.header.writers

Provides support for Referrer Policy.

ReferrerPolicyHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter

Creates a new instance.

ReferrerPolicyHeaderWriter(ReferrerPolicyHeaderWriter.ReferrerPolicy) - Constructor for class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter

Creates a new instance.

ReferrerPolicyHeaderWriter.ReferrerPolicy - Enum Class in org.springframework.security.web.header.writers

ReferrerPolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header

Writes the Referrer-Policy response header.

ReferrerPolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter

ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy - Enum Class in org.springframework.security.web.server.header

refresh() - Method in class org.springframework.security.authentication.jaas.memory.InMemoryConfiguration

Does nothing, but required for JDK5

REFRESH_TOKEN - Static variable in class org.springframework.security.oauth2.core.AuthorizationGrantType

REFRESH_TOKEN - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

refresh_token - used in Access Token Request and Access Token Response.

refreshLastRequest() - Method in class org.springframework.security.core.session.ReactiveSessionInformation

refreshLastRequest() - Method in class org.springframework.security.core.session.SessionInformation

Refreshes the internal lastRequest to the current date and time.

refreshLastRequest(String) - Method in interface org.springframework.security.core.session.SessionRegistry

Updates the given sessionId so its last request time is equal to the present date and time.

refreshLastRequest(String) - Method in class org.springframework.security.core.session.SessionRegistryImpl

refreshToken() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder

Configures support for the refresh_token grant.

refreshToken() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder

Configures support for the refresh_token grant.

refreshToken(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse.Builder

Sets the refresh token associated to the access token.

refreshToken(Consumer<OAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder

Configures support for the refresh_token grant.

refreshToken(Consumer<ReactiveOAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder>) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder

Configures support for the refresh_token grant.

RefreshTokenOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client

An implementation of an OAuth2AuthorizedClientProvider for the refresh_token grant.

RefreshTokenOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.RefreshTokenOAuth2AuthorizedClientProvider

RefreshTokenReactiveOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client

An implementation of a ReactiveOAuth2AuthorizedClientProvider for the refresh_token grant.

RefreshTokenReactiveOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.RefreshTokenReactiveOAuth2AuthorizedClientProvider

regex - Enum constant in enum class org.springframework.security.config.http.MatcherType

regexMatcher(String) - Static method in class org.springframework.security.web.util.matcher.RegexRequestMatcher

Creates a case-sensitive Pattern instance to match against the request.

regexMatcher(HttpMethod) - Static method in class org.springframework.security.web.util.matcher.RegexRequestMatcher

Creates an instance that matches to all requests with the same HttpMethod.

regexMatcher(HttpMethod, String) - Static method in class org.springframework.security.web.util.matcher.RegexRequestMatcher

Creates a case-sensitive Pattern instance to match against the request.

RegExpAllowFromStrategy - Class in org.springframework.security.web.header.writers.frameoptions

Deprecated.

ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.

RegExpAllowFromStrategy(String) - Constructor for class org.springframework.security.web.header.writers.frameoptions.RegExpAllowFromStrategy

Deprecated.

Creates a new instance

RegexRequestMatcher - Class in org.springframework.security.web.util.matcher

Uses a regular expression to decide whether a supplied the URL of a supplied HttpServletRequest.

RegexRequestMatcher(String, String) - Constructor for class org.springframework.security.web.util.matcher.RegexRequestMatcher

Creates a case-sensitive Pattern instance to match against the request.

RegexRequestMatcher(String, String, boolean) - Constructor for class org.springframework.security.web.util.matcher.RegexRequestMatcher

As above, but allows setting of whether case-insensitive matching should be used.

region(String) - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder

Sets the state, province, prefecture, or region.

registerAuthenticationEntryPoint(B, AuthenticationEntryPoint) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

registerCredential(RelyingPartyRegistrationRequest) - Method in class org.springframework.security.web.webauthn.management.Webauthn4JRelyingPartyOperations

registerCredential(RelyingPartyRegistrationRequest) - Method in interface org.springframework.security.web.webauthn.management.WebAuthnRelyingPartyOperations

If RelyingPartyRegistrationRequest is valid, will register and return a new CredentialRecord.

registerDefaultAuthenticationEntryPoint(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

RegisteredOAuth2AuthorizedClient - Annotation Interface in org.springframework.security.oauth2.client.annotation

This annotation may be used to resolve a method parameter to an argument value of type OAuth2AuthorizedClient.

registerExtractor(Class<? extends Throwable>, ThrowableCauseExtractor) - Method in class org.springframework.security.web.util.ThrowableAnalyzer

Registers a ThrowableCauseExtractor for the specified type.

registerHints(RuntimeHints, ConfigurableListableBeanFactory) - Method in class org.springframework.security.aot.hint.AuthorizeReturnObjectCoreHintsRegistrar

Register hints after preparing them through Security's infrastructural beans

registerHints(RuntimeHints, ConfigurableListableBeanFactory) - Method in class org.springframework.security.aot.hint.AuthorizeReturnObjectHintsRegistrar

Register hints after preparing them through Security's infrastructural beans

registerHints(RuntimeHints, ConfigurableListableBeanFactory) - Method in class org.springframework.security.aot.hint.PrePostAuthorizeExpressionBeanHintsRegistrar

registerHints(RuntimeHints, ConfigurableListableBeanFactory) - Method in class org.springframework.security.aot.hint.PrePostAuthorizeHintsRegistrar

registerHints(RuntimeHints, ConfigurableListableBeanFactory) - Method in interface org.springframework.security.aot.hint.SecurityHintsRegistrar

Register hints after preparing them through Security's infrastructural beans

registerHints(RuntimeHints, ConfigurableListableBeanFactory) - Method in class org.springframework.security.data.aot.hint.AuthorizeReturnObjectDataHintsRegistrar

registerMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry

Subclasses should implement this method for returning the object that is chained to the creation of the ServerWebExchangeMatcher instances.

registerMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec

registerNewSession(String, Object) - Method in interface org.springframework.security.core.session.SessionRegistry

Registers a new session for the specified principal.

registerNewSession(String, Object) - Method in class org.springframework.security.core.session.SessionRegistryImpl

registerPermission(Permission, String) - Method in class org.springframework.security.acls.domain.DefaultPermissionFactory

registerPublicPermissions(Class<? extends Permission>) - Method in class org.springframework.security.acls.domain.DefaultPermissionFactory

Registers the public static fields of type Permission for a give class.

RegisterSessionAuthenticationStrategy - Class in org.springframework.security.web.authentication.session

Strategy used to register a user with the SessionRegistry after successful Authentication.

RegisterSessionAuthenticationStrategy(SessionRegistry) - Constructor for class org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy

RegisterSessionServerAuthenticationSuccessHandler - Class in org.springframework.security.web.server.authentication

An implementation of ServerAuthenticationSuccessHandler that will register a ReactiveSessionInformation with the provided ReactiveSessionRegistry.

RegisterSessionServerAuthenticationSuccessHandler(ReactiveSessionRegistry) - Constructor for class org.springframework.security.web.server.authentication.RegisterSessionServerAuthenticationSuccessHandler

registerStompEndpoints(StompEndpointRegistry) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

Deprecated.

REGISTRATION_ID - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

Non-standard parameter (used internally).

registrationId() - Element in annotation interface org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient

Sets the client registration identifier.

registrationId(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder

Sets the registration id.

registrationId(String) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder

Deprecated.

registrationId(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder

Sets the registrationId template.

RELAY_STATE - Static variable in class org.springframework.security.saml2.core.Saml2ParameterNames

RelayState - used to communicate shared state between the relying and asserting party

relayState(String) - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest.Builder

Sets the RelayState parameter that will accompany this AuthNRequest

relayState(String) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.Builder

Use this value for the relay state when sending the Logout Request to the asserting party It should not be URL-encoded as this will be done when the request is sent

relayState(String) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse.Builder

Use this value for the relay state when sending the Logout Request to the asserting party It should not be URL-encoded as this will be done when the response is sent

release() - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag

RELYING_PARTY_REGISTRATION_NOT_FOUND - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes

The relying party registration was not found.

RELYING_PARTY_REGISTRATIONS - Static variable in class org.springframework.security.config.Elements

RelyingPartyAuthenticationRequest - Class in org.springframework.security.web.webauthn.management

The data object used to provide the information necessary to authenticate a user with WebAuthn.

RelyingPartyAuthenticationRequest(PublicKeyCredentialRequestOptions, PublicKeyCredential<AuthenticatorAssertionResponse>) - Constructor for class org.springframework.security.web.webauthn.management.RelyingPartyAuthenticationRequest

Creates a new instance.

RelyingPartyPublicKey - Class in org.springframework.security.web.webauthn.management

Submitted by a client to request registration of a new credential.

RelyingPartyPublicKey(PublicKeyCredential<AuthenticatorAttestationResponse>, String) - Constructor for class org.springframework.security.web.webauthn.management.RelyingPartyPublicKey

Creates a new instance.

RelyingPartyRegistration - Class in org.springframework.security.saml2.provider.service.registration

Represents a configured relying party (aka Service Provider) and asserting party (aka Identity Provider) pair.

RelyingPartyRegistration(String, String, String, Saml2MessageBinding, String, String, Collection<Saml2MessageBinding>, RelyingPartyRegistration.AssertingPartyDetails, String, boolean, Collection<Saml2X509Credential>, Collection<Saml2X509Credential>) - Constructor for class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration

RelyingPartyRegistration.AssertingPartyDetails - Class in org.springframework.security.saml2.provider.service.registration

The configuration metadata of the Asserting party

RelyingPartyRegistration.AssertingPartyDetails.Builder - Class in org.springframework.security.saml2.provider.service.registration

RelyingPartyRegistration.Builder - Class in org.springframework.security.saml2.provider.service.registration

RelyingPartyRegistrationPlaceholderResolvers - Class in org.springframework.security.saml2.provider.service.web

A factory for creating placeholder resolvers for RelyingPartyRegistration templates.

RelyingPartyRegistrationPlaceholderResolvers.UriResolver - Class in org.springframework.security.saml2.provider.service.web

A class for resolving RelyingPartyRegistration URIs

relyingPartyRegistrationRepository(RelyingPartyRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer

Sets the RelyingPartyRegistrationRepository of relying parties, each party representing a service provider, SP and this host, and identity provider, IDP pair that communicate with each other.

relyingPartyRegistrationRepository(RelyingPartyRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer

Sets the RelyingPartyRegistrationRepository of relying parties, each party representing a service provider, SP and this host, and identity provider, IDP pair that communicate with each other.

RelyingPartyRegistrationRepository - Interface in org.springframework.security.saml2.provider.service.registration

A repository for RelyingPartyRegistrations

RelyingPartyRegistrationRequest - Interface in org.springframework.security.web.webauthn.management

RelyingPartyRegistrationResolver - Interface in org.springframework.security.saml2.provider.service.web

A contract for resolving a RelyingPartyRegistration from the HTTP request

RelyingPartyRegistrations - Class in org.springframework.security.saml2.provider.service.registration

A utility class for constructing instances of RelyingPartyRegistration

RelyingPartyRegistrationsBeanDefinitionParser - Class in org.springframework.security.config.saml2

RelyingPartyRegistrationsBeanDefinitionParser() - Constructor for class org.springframework.security.config.saml2.RelyingPartyRegistrationsBeanDefinitionParser

REMEMBER_ME - Static variable in class org.springframework.security.config.Elements

rememberMe() - Static method in class org.springframework.security.authorization.AuthenticatedAuthorizationManager

Creates an instance of AuthenticatedAuthorizationManager that determines if the Authentication is authenticated using remember me.

rememberMe() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HttpSecurity.rememberMe(Customizer) or rememberMe(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

rememberMe() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl

Specify that URLs are allowed by users that have been remembered.

rememberMe() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl

Deprecated.

Specify that URLs are allowed by users that have been remembered.

rememberMe() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint

Deprecated.

Specify that Messages are allowed by users that have been remembered.

rememberMe() - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint

Specify that Messages are allowed by users that have been remembered.

rememberMe() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl

Specify that URLs are allowed by users that have been remembered.

rememberMe(Customizer<RememberMeConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows configuring of Remember Me authentication.

RememberMeAuthenticationException - Exception in org.springframework.security.web.authentication.rememberme

This exception is thrown when an Authentication exception occurs while using the remember-me authentication.

RememberMeAuthenticationException(String) - Constructor for exception org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException

Constructs an RememberMeAuthenticationException with the specified message and no root cause.

RememberMeAuthenticationException(String, Throwable) - Constructor for exception org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException

Constructs a RememberMeAuthenticationException with the specified message and root cause.

RememberMeAuthenticationFilter - Class in org.springframework.security.web.authentication.rememberme

Detects if there is no Authentication object in the SecurityContext, and populates the context with a remember-me authentication token if a RememberMeServices implementation so requests.

RememberMeAuthenticationFilter(AuthenticationManager, RememberMeServices) - Constructor for class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter

RememberMeAuthenticationProvider - Class in org.springframework.security.authentication

An AuthenticationProvider implementation that validates RememberMeAuthenticationTokens.

RememberMeAuthenticationProvider(String) - Constructor for class org.springframework.security.authentication.RememberMeAuthenticationProvider

RememberMeAuthenticationToken - Class in org.springframework.security.authentication

Represents a remembered Authentication.

RememberMeAuthenticationToken(String, Object, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.authentication.RememberMeAuthenticationToken

Constructor.

RememberMeConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Configures Remember Me authentication.

RememberMeConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer

Creates a new instance

rememberMeCookieDomain(String) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer

The domain name within which the remember me cookie is visible.

rememberMeCookieName(String) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer

The name of cookie which store the token for remember me authentication.

rememberMeParameter(String) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer

The HTTP parameter used to indicate to remember the user at time of login.

rememberMeRequested(HttpServletRequest, String) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

Allows customization of whether a remember-me login has been requested.

rememberMeServices(RememberMeServices) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer

Specify the RememberMeServices to use.

RememberMeServices - Interface in org.springframework.security.web.authentication

Implement by a class that is capable of providing a remember-me service.

removeAuthenticationRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.saml2.provider.service.web.HttpSessionSaml2AuthenticationRequestRepository

removeAuthenticationRequest(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestRepository

Removes the authentication request using the HttpServletRequest and HttpServletResponse

removeAuthorities(LdapName, Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager

removeAuthorities(DistinguishedName, Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager

Deprecated.

removeAuthorizationRequest(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.oauth2.client.web.AuthorizationRequestRepository

Removes and returns the OAuth2AuthorizationRequest associated to the provided HttpServletRequest and HttpServletResponse or if not available returns null.

removeAuthorizationRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository

removeAuthorizationRequest(ServerWebExchange) - Method in interface org.springframework.security.oauth2.client.web.server.ServerAuthorizationRequestRepository

Removes and returns the OAuth2AuthorizationRequest associated to the provided HttpServletRequest or if not available returns null.

removeAuthorizationRequest(ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.WebSessionOAuth2ServerAuthorizationRequestRepository

removeAuthorizedClient(String, String) - Method in class org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService

removeAuthorizedClient(String, String) - Method in class org.springframework.security.oauth2.client.InMemoryReactiveOAuth2AuthorizedClientService

removeAuthorizedClient(String, String) - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService

removeAuthorizedClient(String, String) - Method in interface org.springframework.security.oauth2.client.OAuth2AuthorizedClientService

Removes the OAuth2AuthorizedClient associated to the provided client registration identifier and End-User's Principal name.

removeAuthorizedClient(String, String) - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService

removeAuthorizedClient(String, String) - Method in interface org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService

Removes the OAuth2AuthorizedClient associated to the provided client registration identifier and End-User's Principal name.

removeAuthorizedClient(String, Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository

removeAuthorizedClient(String, Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizedClientRepository

removeAuthorizedClient(String, Authentication, HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository

Removes the OAuth2AuthorizedClient associated to the provided client registration identifier and End-User Authentication (Resource Owner).

removeAuthorizedClient(String, Authentication, Map<String, Object>) - Method in interface org.springframework.security.oauth2.client.RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.OAuth2AuthorizedClientRemover

Removes the OAuth2AuthorizedClient associated to the provided client registration identifier and End-User Authentication (Resource Owner).

removeAuthorizedClient(String, Authentication, Map<String, Object>) - Method in interface org.springframework.security.oauth2.client.RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.OAuth2AuthorizedClientRemover

Removes the OAuth2AuthorizedClient associated to the provided client registration identifier and End-User Authentication (Resource Owner).

removeAuthorizedClient(String, Authentication, ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository

removeAuthorizedClient(String, Authentication, ServerWebExchange) - Method in interface org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository

Removes the OAuth2AuthorizedClient associated to the provided client registration identifier and End-User Authentication (Resource Owner).

removeAuthorizedClient(String, Authentication, ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.WebSessionServerOAuth2AuthorizedClientRepository

RemoveAuthorizedClientOAuth2AuthorizationFailureHandler - Class in org.springframework.security.oauth2.client

An OAuth2AuthorizationFailureHandler that removes an OAuth2AuthorizedClient when the OAuth2Error.getErrorCode() matches one of the configured OAuth 2.0 error codes.

RemoveAuthorizedClientOAuth2AuthorizationFailureHandler(RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.OAuth2AuthorizedClientRemover) - Constructor for class org.springframework.security.oauth2.client.RemoveAuthorizedClientOAuth2AuthorizationFailureHandler

Constructs a RemoveAuthorizedClientOAuth2AuthorizationFailureHandler using the provided parameters.

RemoveAuthorizedClientOAuth2AuthorizationFailureHandler(RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.OAuth2AuthorizedClientRemover, Set<String>) - Constructor for class org.springframework.security.oauth2.client.RemoveAuthorizedClientOAuth2AuthorizationFailureHandler

Constructs a RemoveAuthorizedClientOAuth2AuthorizationFailureHandler using the provided parameters.

RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.OAuth2AuthorizedClientRemover - Interface in org.springframework.security.oauth2.client

Removes an OAuth2AuthorizedClient from an OAuth2AuthorizedClientRepository or OAuth2AuthorizedClientService.

RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler - Class in org.springframework.security.oauth2.client

A ReactiveOAuth2AuthorizationFailureHandler that removes an OAuth2AuthorizedClient when the OAuth2Error.getErrorCode() matches one of the configured OAuth 2.0 error codes.

RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler(RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.OAuth2AuthorizedClientRemover) - Constructor for class org.springframework.security.oauth2.client.RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler

Constructs a RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler using the provided parameters.

RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler(RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.OAuth2AuthorizedClientRemover, Set<String>) - Constructor for class org.springframework.security.oauth2.client.RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler

Constructs a RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler using the provided parameters.

RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.OAuth2AuthorizedClientRemover - Interface in org.springframework.security.oauth2.client

Removes an OAuth2AuthorizedClient from a ServerOAuth2AuthorizedClientRepository or ReactiveOAuth2AuthorizedClientService.

removeConfigurer(Class<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Removes and returns the SecurityConfigurer by its class name or null if not found.

removeConfigurer(Class<C>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder

Removes the SecurityConfigurer by its class name or null if not found.

removeConfigurers(Class<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Removes all the SecurityConfigurer instances by its class name or an empty List if not found.

removeGroupAuthority(String, GrantedAuthority) - Method in interface org.springframework.security.provisioning.GroupManager

Deletes an authority from those assigned to a group

removeGroupAuthority(String, GrantedAuthority) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

removeLogoutRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.HttpSessionLogoutRequestRepository

Removes and returns the Saml2LogoutRequest associated to the provided HttpServletRequest and HttpServletResponse or if not available returns null.

removeLogoutRequest(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestRepository

Removes and returns the Saml2LogoutRequest associated to the provided HttpServletRequest and HttpServletResponse or if not available returns null.

removeMatchingRequest(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.CookieServerRequestCache

removeMatchingRequest(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.NoOpServerRequestCache

removeMatchingRequest(ServerWebExchange) - Method in interface org.springframework.security.web.server.savedrequest.ServerRequestCache

If the provided ServerWebExchange matches the saved ServerHttpRequest gets the saved ServerHttpRequest

removeMatchingRequest(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache

removeRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.CookieRequestCache

removeRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache

removeRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.NullRequestCache

removeRequest(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.savedrequest.RequestCache

Removes the cached request.

removeSessionInformation(String) - Method in class org.springframework.security.core.session.InMemoryReactiveSessionRegistry

removeSessionInformation(String) - Method in interface org.springframework.security.core.session.ReactiveSessionRegistry

Removes the specified session from the registry.

removeSessionInformation(String) - Method in interface org.springframework.security.core.session.SessionRegistry

Deletes all the session information being maintained for the specified sessionId.

removeSessionInformation(String) - Method in class org.springframework.security.core.session.SessionRegistryImpl

removeSessionInformation(String) - Method in class org.springframework.security.oauth2.client.oidc.server.session.InMemoryReactiveOidcSessionRegistry

removeSessionInformation(String) - Method in interface org.springframework.security.oauth2.client.oidc.server.session.ReactiveOidcSessionRegistry

Deregister the OIDC Provider session tied to the provided client session.

removeSessionInformation(String) - Method in class org.springframework.security.oauth2.client.oidc.session.InMemoryOidcSessionRegistry

removeSessionInformation(String) - Method in interface org.springframework.security.oauth2.client.oidc.session.OidcSessionRegistry

Deregister the OIDC Provider session tied to the provided client session.

removeSessionInformation(OidcLogoutToken) - Method in class org.springframework.security.oauth2.client.oidc.server.session.InMemoryReactiveOidcSessionRegistry

removeSessionInformation(OidcLogoutToken) - Method in interface org.springframework.security.oauth2.client.oidc.server.session.ReactiveOidcSessionRegistry

Deregister the OIDC Provider sessions referenced by the provided OIDC Logout Token by its session id or its subject.

removeSessionInformation(OidcLogoutToken) - Method in class org.springframework.security.oauth2.client.oidc.session.InMemoryOidcSessionRegistry

removeSessionInformation(OidcLogoutToken) - Method in interface org.springframework.security.oauth2.client.oidc.session.OidcSessionRegistry

Deregister the OIDC Provider sessions referenced by the provided OIDC Logout Token by its session id or its subject.

removeTicketFromCache(String) - Method in class org.springframework.security.cas.authentication.NullStatelessTicketCache

This is a no-op since we are not storing tickets.

removeTicketFromCache(String) - Method in class org.springframework.security.cas.authentication.SpringCacheBasedTicketCache

removeTicketFromCache(String) - Method in interface org.springframework.security.cas.authentication.StatelessTicketCache

Removes the specified ticket from the cache, meaning that future calls will require a new service ticket.

removeTicketFromCache(CasAuthenticationToken) - Method in class org.springframework.security.cas.authentication.NullStatelessTicketCache

This is a no-op since we are not storing tickets.

removeTicketFromCache(CasAuthenticationToken) - Method in class org.springframework.security.cas.authentication.SpringCacheBasedTicketCache

removeTicketFromCache(CasAuthenticationToken) - Method in interface org.springframework.security.cas.authentication.StatelessTicketCache

Removes the specified ticket from the cache, as per StatelessTicketCache.removeTicketFromCache(String).

removeUserFromCache(String) - Method in class org.springframework.security.core.userdetails.cache.NullUserCache

removeUserFromCache(String) - Method in class org.springframework.security.core.userdetails.cache.SpringCacheBasedUserCache

removeUserFromCache(String) - Method in interface org.springframework.security.core.userdetails.UserCache

Removes the specified user from the cache.

removeUserFromCache(UserDetails) - Method in class org.springframework.security.core.userdetails.cache.SpringCacheBasedUserCache

removeUserFromGroup(String, String) - Method in interface org.springframework.security.provisioning.GroupManager

Deletes a user's membership of a group.

removeUserFromGroup(String, String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

removeUserTokens(String) - Method in class org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl

removeUserTokens(String) - Method in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl

removeUserTokens(String) - Method in interface org.springframework.security.web.authentication.rememberme.PersistentTokenRepository

renameGroup(String, String) - Method in interface org.springframework.security.provisioning.GroupManager

Changes the name of a group without altering the assigned authorities or members.

renameGroup(String, String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

reportOnly() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentSecurityPolicyConfig

Enables (includes) the Content-Security-Policy-Report-Only header in the response.

reportOnly(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig

Deprecated.

If true, the browser should not terminate the connection with the server.

reportOnly(boolean) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec

Whether to include the Content-Security-Policy-Report-Only header in the response.

reportUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig

Deprecated.

Sets the URI to which the browser should report pin validation failures.

reportUri(URI) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig

Deprecated.

Sets the URI to which the browser should report pin validation failures.

request - Variable in class org.springframework.security.web.access.expression.WebSecurityExpressionRoot

Allows direct access to the request object

REQUEST_CACHE - Static variable in class org.springframework.security.config.Elements

REQUEST_CHANNEL - Enum constant in enum class org.springframework.security.rsocket.api.PayloadExchangeType

A Request Channel exchange.

REQUEST_RESPONSE - Enum constant in enum class org.springframework.security.rsocket.api.PayloadExchangeType

A Request Response exchange.

REQUEST_SCOPE_ATTRIBUTE_NAME - Static variable in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext

The name of the attribute in the context associated to the value for the "request scope(s)".

REQUEST_STREAM - Enum constant in enum class org.springframework.security.rsocket.api.PayloadExchangeType

A Request Stream exchange.

RequestAttributeAuthenticationFilter - Class in org.springframework.security.web.authentication.preauth

A simple pre-authenticated filter which obtains the username from request attributes, for use with SSO systems such as Stanford WebAuth or Shibboleth.

RequestAttributeAuthenticationFilter() - Constructor for class org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter

RequestAttributeClientRegistrationIdResolver - Class in org.springframework.security.oauth2.client.web.client

A strategy for resolving a clientRegistrationId from an intercepted request using attributes.

RequestAttributeClientRegistrationIdResolver() - Constructor for class org.springframework.security.oauth2.client.web.client.RequestAttributeClientRegistrationIdResolver

RequestAttributePrincipalResolver - Class in org.springframework.security.oauth2.client.web.client

A strategy for resolving a principal from an intercepted request using attributes.

RequestAttributePrincipalResolver() - Constructor for class org.springframework.security.oauth2.client.web.client.RequestAttributePrincipalResolver

RequestAttributeSecurityContextRepository - Class in org.springframework.security.web.context

Stores the SecurityContext on a ServletRequest.setAttribute(String, Object) so that it can be restored when different dispatch types occur.

RequestAttributeSecurityContextRepository() - Constructor for class org.springframework.security.web.context.RequestAttributeSecurityContextRepository

Creates a new instance using RequestAttributeSecurityContextRepository.DEFAULT_REQUEST_ATTR_NAME.

RequestAttributeSecurityContextRepository(String) - Constructor for class org.springframework.security.web.context.RequestAttributeSecurityContextRepository

Creates a new instance with the specified request attribute name.

RequestAuthorizationContext - Class in org.springframework.security.web.access.intercept

An HttpServletRequest authorization context.

RequestAuthorizationContext(HttpServletRequest) - Constructor for class org.springframework.security.web.access.intercept.RequestAuthorizationContext

Creates an instance.

RequestAuthorizationContext(HttpServletRequest, Map<String, String>) - Constructor for class org.springframework.security.web.access.intercept.RequestAuthorizationContext

Creates an instance.

requestCache() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HttpSecurity.requestCache(Customizer) or requestCache(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

requestCache() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.requestCache(Customizer) or requestCache(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

requestCache(Customizer<RequestCacheConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows configuring the Request Cache.

requestCache(Customizer<ServerHttpSecurity.RequestCacheSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures the request cache which is used when a flow is interrupted (i.e.

requestCache(RequestCache) - Method in class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer

Allows explicit configuration of the RequestCache to be used.

requestCache(ServerRequestCache) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.RequestCacheSpec

Configures the cache used

RequestCache - Interface in org.springframework.security.web.savedrequest

Implements "saved request" logic, allowing a single request to be retrieved and restarted after redirecting to an authentication mechanism.

RequestCacheAwareFilter - Class in org.springframework.security.web.savedrequest

Responsible for reconstituting the saved request if one is cached and it matches the current request.

RequestCacheAwareFilter() - Constructor for class org.springframework.security.web.savedrequest.RequestCacheAwareFilter

RequestCacheAwareFilter(RequestCache) - Constructor for class org.springframework.security.web.savedrequest.RequestCacheAwareFilter

RequestCacheConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Adds request cache for Spring Security.

RequestCacheConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer

requestDataValueProcessor() - Method in class org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration

Deprecated.

REQUESTED_TOKEN_TYPE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

requested_token_type - used in Token Exchange Access Token Request.

RequestedUrlRedirectInvalidSessionStrategy - Class in org.springframework.security.web.session

Performs a redirect to the original request URL when an invalid requested session is detected by the SessionManagementFilter.

RequestedUrlRedirectInvalidSessionStrategy() - Constructor for class org.springframework.security.web.session.RequestedUrlRedirectInvalidSessionStrategy

RequestHeaderAuthenticationFilter - Class in org.springframework.security.web.authentication.preauth

A simple pre-authenticated filter which obtains the username from a request header, for use with systems such as CA Siteminder.

RequestHeaderAuthenticationFilter() - Constructor for class org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter

RequestHeaderRequestMatcher - Class in org.springframework.security.web.util.matcher

A RequestMatcher that can be used to match request that contain a header with an expected header name and an expected value.

RequestHeaderRequestMatcher(String) - Constructor for class org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher

Creates a new instance that will match if a header by the name of RequestHeaderRequestMatcher.expectedHeaderName is present.

RequestHeaderRequestMatcher(String, String) - Constructor for class org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher

Creates a new instance that will match if a header by the name of RequestHeaderRequestMatcher.expectedHeaderName is present and if the RequestHeaderRequestMatcher.expectedHeaderValue is non-null the first value is the same.

RequestKey - Class in org.springframework.security.web.access.intercept

RequestKey(String) - Constructor for class org.springframework.security.web.access.intercept.RequestKey

RequestKey(String, String) - Constructor for class org.springframework.security.web.access.intercept.RequestKey

requestMatcher(RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig

Sets the RequestMatcher used to determine if the "Strict-Transport-Security" should be added.

RequestMatcher - Interface in org.springframework.security.web.util.matcher

Simple strategy to match an HttpServletRequest.

RequestMatcher.MatchResult - Class in org.springframework.security.web.util.matcher

The result of matching against an HttpServletRequest Contains the status, true or false, of the match and if present, any variables extracted from the match

RequestMatcherDelegatingAccessDeniedHandler - Class in org.springframework.security.web.access

An AccessDeniedHandler that delegates to other AccessDeniedHandler instances based upon the type of HttpServletRequest passed into RequestMatcherDelegatingAccessDeniedHandler.handle(HttpServletRequest, HttpServletResponse, AccessDeniedException).

RequestMatcherDelegatingAccessDeniedHandler(LinkedHashMap<RequestMatcher, AccessDeniedHandler>, AccessDeniedHandler) - Constructor for class org.springframework.security.web.access.RequestMatcherDelegatingAccessDeniedHandler

Creates a new instance

RequestMatcherDelegatingAuthenticationManagerResolver - Class in org.springframework.security.web.authentication

An AuthenticationManagerResolver that returns a AuthenticationManager instances based upon the type of HttpServletRequest passed into RequestMatcherDelegatingAuthenticationManagerResolver.resolve(HttpServletRequest).

RequestMatcherDelegatingAuthenticationManagerResolver.Builder - Class in org.springframework.security.web.authentication

A builder for RequestMatcherDelegatingAuthenticationManagerResolver.

RequestMatcherDelegatingAuthorizationManager - Class in org.springframework.security.web.access.intercept

An AuthorizationManager which delegates to a specific AuthorizationManager based on a RequestMatcher evaluation.

RequestMatcherDelegatingAuthorizationManager.Builder - Class in org.springframework.security.web.access.intercept

A builder for RequestMatcherDelegatingAuthorizationManager.

RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl - Class in org.springframework.security.web.access.intercept

An object that allows configuring the AuthorizationManager for RequestMatchers.

RequestMatcherDelegatingWebInvocationPrivilegeEvaluator - Class in org.springframework.security.web.access

A WebInvocationPrivilegeEvaluator which delegates to a list of WebInvocationPrivilegeEvaluator based on a RequestMatcher evaluation

RequestMatcherDelegatingWebInvocationPrivilegeEvaluator(List<RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>>>) - Constructor for class org.springframework.security.web.access.RequestMatcherDelegatingWebInvocationPrivilegeEvaluator

RequestMatcherEditor - Class in org.springframework.security.web.util.matcher

PropertyEditor which creates ELRequestMatcher instances from Strings This allows to use a String in a BeanDefinition instead of an (inner) bean if a RequestMatcher is required, e.g.

RequestMatcherEditor() - Constructor for class org.springframework.security.web.util.matcher.RequestMatcherEditor

RequestMatcherEntry<T> - Class in org.springframework.security.web.util.matcher

A rich object for associating a RequestMatcher to another object.

RequestMatcherEntry(RequestMatcher, T) - Constructor for class org.springframework.security.web.util.matcher.RequestMatcherEntry

RequestMatcherMetadataResponseResolver - Class in org.springframework.security.saml2.provider.service.metadata

Deprecated.

Please use RequestMatcherMetadataResponseResolver

RequestMatcherMetadataResponseResolver - Class in org.springframework.security.saml2.provider.service.web.metadata

An implementation of Saml2MetadataResponseResolver that identifies which RelyingPartyRegistrations to use with a RequestMatcher

RequestMatcherMetadataResponseResolver(RelyingPartyRegistrationRepository, Saml2MetadataResolver) - Constructor for class org.springframework.security.saml2.provider.service.metadata.RequestMatcherMetadataResponseResolver

Deprecated.

Construct a RequestMatcherMetadataResponseResolver

RequestMatcherMetadataResponseResolver(RelyingPartyRegistrationRepository, Saml2MetadataResolver) - Constructor for class org.springframework.security.saml2.provider.service.web.metadata.RequestMatcherMetadataResponseResolver

Construct a RequestMatcherMetadataResponseResolver

RequestMatcherRedirectFilter - Class in org.springframework.security.web

Filter that redirects requests that match RequestMatcher to the specified URL.

RequestMatcherRedirectFilter(RequestMatcher, String) - Constructor for class org.springframework.security.web.RequestMatcherRedirectFilter

Create and initialize an instance of the filter.

requestMatchers - Variable in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.RequiresChannelUrl

requestMatchers(String...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry

If the HandlerMappingIntrospector is available in the classpath, maps to an MvcRequestMatcher that does not care which HttpMethod is used.

requestMatchers(String...) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry

Deprecated.

requestMatchers(HttpMethod) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry

If the HandlerMappingIntrospector is available in the classpath, maps to an MvcRequestMatcher that matches on a specific HttpMethod.

requestMatchers(HttpMethod) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry

Deprecated.

requestMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry

If the HandlerMappingIntrospector is available in the classpath, maps to an MvcRequestMatcher that also specifies a specific HttpMethod to match on.

requestMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry

Deprecated.

requestMatchers(RequestMatcher...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry

Associates a list of RequestMatcher instances with the AbstractConfigAttributeRequestMatcherRegistry

requestMatchers(RequestMatcher...) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry

Deprecated.

requestMatchers(RequestMatcher...) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder

Maps RequestMatchers to AuthorizationManager.

RequestMatchers - Class in org.springframework.security.web.util.matcher

A factory class to create RequestMatcher instances.

RequestRejectedException - Exception in org.springframework.security.web.firewall

RequestRejectedException(String) - Constructor for exception org.springframework.security.web.firewall.RequestRejectedException

requestRejectedHandler(RequestRejectedHandler) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity

Sets the handler to handle RequestRejectedException

RequestRejectedHandler - Interface in org.springframework.security.web.firewall

Used by FilterChainProxy to handle an RequestRejectedException.

RequestVariablesExtractor - Interface in org.springframework.security.web.util.matcher

Deprecated.

use RequestMatcher.MatchResult from RequestMatcher.matcher(HttpServletRequest)

REQUIRE_CORP - Enum constant in enum class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy

REQUIRE_CORP - Enum constant in enum class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy

requireCsrfProtectionMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec

Configures the ServerWebExchangeMatcher used to determine when CSRF protection is enabled.

requireCsrfProtectionMatcher(RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer

Specify the RequestMatcher to use for determining when CSRF should be applied.

REQUIRED - Static variable in class org.springframework.security.web.webauthn.api.ResidentKeyRequirement

The required value indicates that the Relying Party requires a client-side discoverable credential.

REQUIRED - Static variable in class org.springframework.security.web.webauthn.api.UserVerificationRequirement

The required value indicates that the Relying Party requires user verification for the operation and will fail the overall ceremony if the response does not have the UV flag set.

requireExplicitAuthenticationStrategy(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer

Setting this means that explicit invocation of SessionAuthenticationStrategy is required.

requireExplicitSave(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.SecurityContextConfigurer

requireInitialize(Consumer<XMLObjectProviderRegistry>) - Static method in class org.springframework.security.saml2.core.OpenSamlInitializationService

Ready OpenSAML for use, configure it with reasonable defaults, and modify the XMLObjectProviderRegistry using the provided Consumer.

requirePermission - Variable in class org.springframework.security.acls.afterinvocation.AbstractAclProvider

requires(String) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.RequiresChannelUrl

requiresAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter

Overridden to provide proxying capabilities.

requiresAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter

requiresAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Indicates whether this filter should attempt to process a login request for the current invocation.

requiresAuthenticationMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec

Configures when authentication is performed.

requiresChannel() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HttpSecurity.requiresChannel(Customizer) or requiresChannel(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

requiresChannel(Customizer<ChannelSecurityConfigurer.ChannelRequestMatcherRegistry>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configures channel security.

requiresExitUser(HttpServletRequest) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

Checks the request URI for the presence of exitUserUrl.

requiresInsecure() - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.RequiresChannelUrl

requiresLogout(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.logout.LogoutFilter

Allow subclasses to modify when a logout should take place.

requiresLogout(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec

Configures when the log out will be triggered.

requiresSecure() - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.RequiresChannelUrl

requiresSwitchUser(HttpServletRequest) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

Checks the request URI for the presence of switchUserUrl.

requireUnique(Class<A>) - Static method in class org.springframework.security.core.annotation.SecurityAnnotationScanners

Create a SecurityAnnotationScanner that requires synthesized annotations to be unique on the given AnnotatedElement.

requireUnique(Class<A>, AnnotationTemplateExpressionDefaults) - Static method in class org.springframework.security.core.annotation.SecurityAnnotationScanners

Create a SecurityAnnotationScanner that requires synthesized annotations to be unique on the given AnnotatedElement.

requireUnique(List<Class<? extends Annotation>>) - Static method in class org.springframework.security.core.annotation.SecurityAnnotationScanners

Create a SecurityAnnotationScanner that requires synthesized annotations to be unique on the given AnnotatedElement.

RESERVED_OFF - Static variable in interface org.springframework.security.acls.model.Permission

RESERVED_ON - Static variable in interface org.springframework.security.acls.model.Permission

reset() - Method in class org.springframework.security.web.firewall.FirewalledRequest

This method will be called once the request has passed through the security filter chain, when it is about to proceed to the application proper.

residentKey(ResidentKeyRequirement) - Method in class org.springframework.security.web.webauthn.api.AuthenticatorSelectionCriteria.AuthenticatorSelectionCriteriaBuilder

Sets the AuthenticatorSelectionCriteria.getResidentKey() property.

ResidentKeyRequirement - Class in org.springframework.security.web.webauthn.api

The ResidentKeyRequirement describes the Relying Partys requirements for client-side discoverable credentials.

resolve(C) - Method in interface org.springframework.security.authentication.AuthenticationManagerResolver

Resolve an AuthenticationManager from a provided context

resolve(C) - Method in interface org.springframework.security.authentication.ReactiveAuthenticationManagerResolver

resolve(HttpServletRequest) - Method in class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver

resolve(HttpServletRequest) - Method in interface org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver

Returns the OAuth2AuthorizationRequest resolved from the provided HttpServletRequest or null if not available.

resolve(HttpServletRequest) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver

Return an AuthenticationManager based off of the `iss` claim found in the request's bearer token

resolve(HttpServletRequest) - Method in interface org.springframework.security.oauth2.server.resource.web.BearerTokenResolver

Resolve any Bearer Token value from the request.

resolve(HttpServletRequest) - Method in class org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver

resolve(HttpServletRequest) - Method in class org.springframework.security.oauth2.server.resource.web.HeaderBearerTokenResolver

resolve(HttpServletRequest) - Method in interface org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResponseResolver

Construct and serialize a relying party's SAML 2.0 metadata based on the given HttpServletRequest

resolve(HttpServletRequest) - Method in interface org.springframework.security.saml2.provider.service.web.authentication.Saml2AuthenticationRequestResolver

resolve(HttpServletRequest) - Method in class org.springframework.security.saml2.provider.service.web.metadata.RequestMatcherMetadataResponseResolver

Construct and serialize a relying party's SAML 2.0 metadata based on the given HttpServletRequest.

resolve(HttpServletRequest) - Method in class org.springframework.security.web.authentication.RequestMatcherDelegatingAuthenticationManagerResolver

Resolve an AuthenticationManager from a provided context

resolve(HttpServletRequest, String) - Method in class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver

resolve(HttpServletRequest, String) - Method in interface org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver

Returns the OAuth2AuthorizationRequest resolved from the provided HttpServletRequest or null if not available.

resolve(HttpServletRequest, String) - Method in class org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver

Resolve a RelyingPartyRegistration from the HTTP request, using the relyingPartyRegistrationId, if it is provided

resolve(HttpServletRequest, String) - Method in interface org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver

Resolve a RelyingPartyRegistration from the HTTP request, using the relyingPartyRegistrationId, if it is provided

resolve(HttpServletRequest, Authentication) - Method in interface org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestResolver

Prepare to create, sign, and serialize a SAML 2.0 Logout Request.

resolve(HttpServletRequest, Authentication) - Method in interface org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestValidatorParametersResolver

Resolve any SAML 2.0 Logout Request and associated RelyingPartyRegistration

resolve(HttpServletRequest, Authentication) - Method in interface org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseResolver

Prepare to create, sign, and serialize a SAML 2.0 Logout Response.

resolve(Iterable<RelyingPartyRegistration>) - Method in interface org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResolver

resolve(String) - Method in class org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers.UriResolver

resolve(HttpRequest) - Method in interface org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor.ClientRegistrationIdResolver

Resolve the clientRegistrationId from the current request, which is used to obtain an OAuth2AuthorizedClient.

resolve(HttpRequest) - Method in interface org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor.PrincipalResolver

Resolve the principal from the current request, which is used to obtain an OAuth2AuthorizedClient.

resolve(HttpRequest) - Method in class org.springframework.security.oauth2.client.web.client.RequestAttributeClientRegistrationIdResolver

resolve(HttpRequest) - Method in class org.springframework.security.oauth2.client.web.client.RequestAttributePrincipalResolver

resolve(HttpRequest) - Method in class org.springframework.security.oauth2.client.web.client.SecurityContextHolderPrincipalResolver

resolve(RelyingPartyRegistration) - Method in interface org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResolver

Resolve the given relying party's metadata

resolve(ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver

resolve(ServerWebExchange) - Method in interface org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationRequestResolver

Returns the OAuth2AuthorizationRequest resolved from the provided HttpServletRequest or null if not available.

resolve(ServerWebExchange) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerReactiveAuthenticationManagerResolver

Return an AuthenticationManager based off of the `iss` claim found in the request's bearer token

resolve(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver

resolve(ServerWebExchange, String) - Method in class org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver

resolve(ServerWebExchange, String) - Method in interface org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationRequestResolver

Returns the OAuth2AuthorizationRequest resolved from the provided HttpServletRequest or null if not available.

resolveArgument(MethodParameter, Message<?>) - Method in class org.springframework.security.messaging.context.AuthenticationPrincipalArgumentResolver

resolveArgument(MethodParameter, Message<?>) - Method in class org.springframework.security.messaging.handler.invocation.reactive.AuthenticationPrincipalArgumentResolver

resolveArgument(MethodParameter, Message<?>) - Method in class org.springframework.security.messaging.handler.invocation.reactive.CurrentSecurityContextArgumentResolver

resolveArgument(MethodParameter, ModelAndViewContainer, NativeWebRequest, WebDataBinderFactory) - Method in class org.springframework.security.oauth2.client.web.method.annotation.OAuth2AuthorizedClientArgumentResolver

resolveArgument(MethodParameter, ModelAndViewContainer, NativeWebRequest, WebDataBinderFactory) - Method in class org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver

Deprecated.

resolveArgument(MethodParameter, ModelAndViewContainer, NativeWebRequest, WebDataBinderFactory) - Method in class org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver

resolveArgument(MethodParameter, ModelAndViewContainer, NativeWebRequest, WebDataBinderFactory) - Method in class org.springframework.security.web.method.annotation.CsrfTokenArgumentResolver

resolveArgument(MethodParameter, ModelAndViewContainer, NativeWebRequest, WebDataBinderFactory) - Method in class org.springframework.security.web.method.annotation.CurrentSecurityContextArgumentResolver

resolveArgument(MethodParameter, BindingContext, ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.reactive.result.method.annotation.OAuth2AuthorizedClientArgumentResolver

resolveArgument(MethodParameter, BindingContext, ServerWebExchange) - Method in class org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver

resolveArgument(MethodParameter, BindingContext, ServerWebExchange) - Method in class org.springframework.security.web.reactive.result.method.annotation.CurrentSecurityContextArgumentResolver

resolveCsrfTokenValue(HttpServletRequest, CsrfToken) - Method in interface org.springframework.security.web.csrf.CsrfTokenRequestHandler

resolveCsrfTokenValue(HttpServletRequest, CsrfToken) - Method in interface org.springframework.security.web.csrf.CsrfTokenRequestResolver

Returns the token value resolved from the provided HttpServletRequest and CsrfToken or null if not available.

resolveCsrfTokenValue(HttpServletRequest, CsrfToken) - Method in class org.springframework.security.web.csrf.XorCsrfTokenRequestAttributeHandler

resolveCsrfTokenValue(ServerWebExchange, CsrfToken) - Method in class org.springframework.security.web.server.csrf.ServerCsrfTokenRequestAttributeHandler

resolveCsrfTokenValue(ServerWebExchange, CsrfToken) - Method in interface org.springframework.security.web.server.csrf.ServerCsrfTokenRequestHandler

resolveCsrfTokenValue(ServerWebExchange, CsrfToken) - Method in interface org.springframework.security.web.server.csrf.ServerCsrfTokenRequestResolver

Returns the token value resolved from the provided ServerWebExchange and CsrfToken or Mono.empty() if not available.

resolveCsrfTokenValue(ServerWebExchange, CsrfToken) - Method in class org.springframework.security.web.server.csrf.XorServerCsrfTokenRequestAttributeHandler

resolveException(LoginException) - Method in class org.springframework.security.authentication.jaas.DefaultLoginExceptionResolver

resolveException(LoginException) - Method in interface org.springframework.security.authentication.jaas.LoginExceptionResolver

Translates a Jaas LoginException to an SpringSecurityException.

RESOURCE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

resource - used in Token Exchange Access Token Request.

RESOURCE_POLICY - Static variable in class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter

response(R) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredential.PublicKeyCredentialBuilder

Sets the PublicKeyCredential.getResponse() property.

RESPONSE_TYPE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

response_type - used in Authorization Request.

RestClientAuthorizationCodeTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint

An implementation of OAuth2AccessTokenResponseClient that "exchanges" an authorization code for an access token at the Authorization Server's Token Endpoint.

RestClientAuthorizationCodeTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.RestClientAuthorizationCodeTokenResponseClient

RestClientClientCredentialsTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint

An implementation of OAuth2AccessTokenResponseClient that "exchanges" client credentials for an access token at the Authorization Server's Token Endpoint.

RestClientClientCredentialsTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.RestClientClientCredentialsTokenResponseClient

RestClientJwtBearerTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint

An implementation of OAuth2AccessTokenResponseClient that "exchanges" a JWT for an access token at the Authorization Server's Token Endpoint.

RestClientJwtBearerTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.RestClientJwtBearerTokenResponseClient

RestClientRefreshTokenTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint

An implementation of OAuth2AccessTokenResponseClient that "exchanges" a refresh token for an access token at the Authorization Server's Token Endpoint.

RestClientRefreshTokenTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.RestClientRefreshTokenTokenResponseClient

RestClientTokenExchangeTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint

An implementation of OAuth2AccessTokenResponseClient that "exchanges" a subject token (and optionally an actor token) for an access token at the Authorization Server's Token Endpoint.

RestClientTokenExchangeTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.RestClientTokenExchangeTokenResponseClient

restOperations(RestOperations) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder

Use the given RestOperations to coordinate with the authorization servers indicated in the JWK Set uri as well as the Issuer.

retrieveEntry(String, String[]) - Method in class org.springframework.security.ldap.SpringSecurityLdapTemplate

Composes an object from the attributes of the given DN.

retrieveObjectIdentityPrimaryKey(ObjectIdentity) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService

Retrieves the primary key from the acl_object_identity table for the passed ObjectIdentity.

retrievePassword(Authentication) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices

retrieveUser(String) - Method in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager

Allows subclasses to retrieve the UserDetails from an implementation-specific location.

retrieveUser(String) - Method in class org.springframework.security.authentication.UserDetailsRepositoryReactiveAuthenticationManager

retrieveUser(String, UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

Allows subclasses to actually retrieve the UserDetails from an implementation-specific location, with the option of throwing an AuthenticationException immediately if the presented credentials are incorrect (this is especially useful if it is necessary to bind to a resource as the user in order to obtain or generate a UserDetails).

retrieveUser(String, UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider

retrieveUserName(Authentication) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices

RetryWithHttpEntryPoint - Class in org.springframework.security.web.access.channel

Commences an insecure channel by retrying the original request using HTTP.

RetryWithHttpEntryPoint() - Constructor for class org.springframework.security.web.access.channel.RetryWithHttpEntryPoint

RetryWithHttpsEntryPoint - Class in org.springframework.security.web.access.channel

Commences a secure channel by retrying the original request using HTTPS.

RetryWithHttpsEntryPoint() - Constructor for class org.springframework.security.web.access.channel.RetryWithHttpsEntryPoint

role(String) - Method in class org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl.Builder

Creates a new hierarchy branch to define a role and its child roles.

ROLE_PREVIOUS_ADMINISTRATOR - Static variable in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

ROLE_PREVIOUS_ADMINISTRATOR - Static variable in class org.springframework.security.web.server.authentication.SwitchUserWebFilter

RoleHierarchy - Interface in org.springframework.security.access.hierarchicalroles

The simple interface of a role hierarchy.

RoleHierarchyAuthoritiesMapper - Class in org.springframework.security.access.hierarchicalroles

RoleHierarchyAuthoritiesMapper(RoleHierarchy) - Constructor for class org.springframework.security.access.hierarchicalroles.RoleHierarchyAuthoritiesMapper

roleHierarchyFromMap(Map<String, List<String>>) - Static method in class org.springframework.security.access.hierarchicalroles.RoleHierarchyUtils

Converts the supplied Map of role name to implied role name(s) to a string representation understood by RoleHierarchyImpl.setHierarchy(String).

RoleHierarchyImpl - Class in org.springframework.security.access.hierarchicalroles

This class defines a role hierarchy for use with various access checking components.

RoleHierarchyImpl() - Constructor for class org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl

Deprecated.

Use RoleHierarchyImpl.fromHierarchy(java.lang.String) instead

RoleHierarchyImpl.Builder - Class in org.springframework.security.access.hierarchicalroles

Builder class for constructing a RoleHierarchyImpl based on a hierarchical role structure.

RoleHierarchyImpl.Builder.ImpliedRoles - Class in org.springframework.security.access.hierarchicalroles

Builder class for constructing child roles within a role hierarchy branch.

RoleHierarchyUtils - Class in org.springframework.security.access.hierarchicalroles

Utility methods for RoleHierarchy.

RoleHierarchyVoter - Class in org.springframework.security.access.vote

Deprecated.

Use AuthorityAuthorizationManager.setRoleHierarchy(org.springframework.security.access.hierarchicalroles.RoleHierarchy) instead

RoleHierarchyVoter(RoleHierarchy) - Constructor for class org.springframework.security.access.vote.RoleHierarchyVoter

Deprecated.

rolePrefix(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

A non-empty string prefix that will be added as a prefix to the existing roles.

rolePrefix(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer

A non-empty string prefix that will be added to role strings loaded from persistent storage (default is "").

rolePrefix(String) - Method in class org.springframework.security.config.annotation.web.configurers.ServletApiConfigurer

roles() - Element in annotation interface org.springframework.security.test.context.support.WithMockUser

The roles to use.

roles(String...) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder

Populates the roles.

roles(String...) - Method in class org.springframework.security.core.userdetails.User.UserBuilder

Populates the roles.

roles(String...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator

Specifies the roles to use.

roles(String...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor

Specify the roles of the user to authenticate as.

RoleVoter - Class in org.springframework.security.access.vote

Deprecated.

Use AuthorityAuthorizationManager instead

RoleVoter() - Constructor for class org.springframework.security.access.vote.RoleVoter

Deprecated.

root(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder

Optional root suffix for the embedded LDAP server.

route(String) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec

RoutePayloadExchangeMatcher - Class in org.springframework.security.rsocket.util.matcher

RoutePayloadExchangeMatcher(MetadataExtractor, RouteMatcher, String) - Constructor for class org.springframework.security.rsocket.util.matcher.RoutePayloadExchangeMatcher

rp(PublicKeyCredentialRpEntity) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder

Sets the PublicKeyCredentialCreationOptions.getRp() property.

rpId(String) - Method in class org.springframework.security.config.annotation.web.configurers.WebAuthnConfigurer

The Relying Party id.

rpId(String) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions.PublicKeyCredentialRequestOptionsBuilder

Sets the PublicKeyCredentialRequestOptions.getRpId() property.

rpName(String) - Method in class org.springframework.security.config.annotation.web.configurers.WebAuthnConfigurer

Sets the relying party name

RS1 - Static variable in class org.springframework.security.web.webauthn.api.COSEAlgorithmIdentifier

RS1 - Static variable in class org.springframework.security.web.webauthn.api.PublicKeyCredentialParameters

RS256 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm

RSASSA-PKCS1-v1_5 using SHA-256 (Recommended)

RS256 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms

RSASSA-PKCS1-v1_5 using SHA-256 (Recommended)

RS256 - Static variable in class org.springframework.security.web.webauthn.api.COSEAlgorithmIdentifier

RS256 - Static variable in class org.springframework.security.web.webauthn.api.PublicKeyCredentialParameters

RS384 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm

RSASSA-PKCS1-v1_5 using SHA-384 (Optional)

RS384 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms

RSASSA-PKCS1-v1_5 using SHA-384 (Optional)

RS384 - Static variable in class org.springframework.security.web.webauthn.api.COSEAlgorithmIdentifier

RS384 - Static variable in class org.springframework.security.web.webauthn.api.PublicKeyCredentialParameters

RS512 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm

RSASSA-PKCS1-v1_5 using SHA-512 (Optional)

RS512 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms

RSASSA-PKCS1-v1_5 using SHA-512 (Optional)

RS512 - Static variable in class org.springframework.security.web.webauthn.api.COSEAlgorithmIdentifier

RS512 - Static variable in class org.springframework.security.web.webauthn.api.PublicKeyCredentialParameters

RsaAlgorithm - Enum Class in org.springframework.security.crypto.encrypt

RsaKeyConversionServicePostProcessor - Class in org.springframework.security.config.crypto

Adds RsaKeyConverters to the configured ConversionService or PropertyEditors

RsaKeyConversionServicePostProcessor() - Constructor for class org.springframework.security.config.crypto.RsaKeyConversionServicePostProcessor

RsaKeyConverters - Class in org.springframework.security.converter

Used for creating Key converter instances

RsaKeyHolder - Interface in org.springframework.security.crypto.encrypt

RsaRawEncryptor - Class in org.springframework.security.crypto.encrypt

RsaRawEncryptor() - Constructor for class org.springframework.security.crypto.encrypt.RsaRawEncryptor

RsaRawEncryptor(String) - Constructor for class org.springframework.security.crypto.encrypt.RsaRawEncryptor

RsaRawEncryptor(String, PublicKey, PrivateKey) - Constructor for class org.springframework.security.crypto.encrypt.RsaRawEncryptor

RsaRawEncryptor(String, PublicKey, PrivateKey, RsaAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.RsaRawEncryptor

RsaRawEncryptor(KeyPair) - Constructor for class org.springframework.security.crypto.encrypt.RsaRawEncryptor

RsaRawEncryptor(KeyPair, RsaAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.RsaRawEncryptor

RsaRawEncryptor(PublicKey) - Constructor for class org.springframework.security.crypto.encrypt.RsaRawEncryptor

RsaRawEncryptor(RsaAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.RsaRawEncryptor

RsaSecretEncryptor - Class in org.springframework.security.crypto.encrypt

RsaSecretEncryptor() - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor

RsaSecretEncryptor(String) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor

RsaSecretEncryptor(String, PublicKey, PrivateKey) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor

RsaSecretEncryptor(String, PublicKey, PrivateKey, RsaAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor

RsaSecretEncryptor(String, PublicKey, PrivateKey, RsaAlgorithm, String, boolean) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor

RsaSecretEncryptor(String, RsaAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor

RsaSecretEncryptor(String, RsaAlgorithm, String) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor

RsaSecretEncryptor(KeyPair) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor

RsaSecretEncryptor(KeyPair, RsaAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor

RsaSecretEncryptor(KeyPair, RsaAlgorithm, String) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor

RsaSecretEncryptor(KeyPair, RsaAlgorithm, String, boolean) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor

RsaSecretEncryptor(PublicKey) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor

RsaSecretEncryptor(PublicKey, RsaAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor

RsaSecretEncryptor(PublicKey, RsaAlgorithm, String) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor

RsaSecretEncryptor(PublicKey, RsaAlgorithm, String, boolean) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor

RsaSecretEncryptor(RsaAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor

RsaSecretEncryptor(RsaAlgorithm, boolean) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor

RsaSecretEncryptor(RsaAlgorithm, String) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor

RsaSecretEncryptor(RsaAlgorithm, String, boolean) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor

RSocketSecurity - Class in org.springframework.security.config.annotation.rsocket

Allows configuring RSocket based security.

RSocketSecurity() - Constructor for class org.springframework.security.config.annotation.rsocket.RSocketSecurity

RSocketSecurity.AuthorizePayloadsSpec - Class in org.springframework.security.config.annotation.rsocket

RSocketSecurity.AuthorizePayloadsSpec.Access - Class in org.springframework.security.config.annotation.rsocket

RSocketSecurity.BasicAuthenticationSpec - Class in org.springframework.security.config.annotation.rsocket

RSocketSecurity.JwtSpec - Class in org.springframework.security.config.annotation.rsocket

RSocketSecurity.SimpleAuthenticationSpec - Class in org.springframework.security.config.annotation.rsocket

run() - Method in class org.springframework.security.concurrent.DelegatingSecurityContextRunnable

RunAsImplAuthenticationProvider - Class in org.springframework.security.access.intercept

Deprecated.

Authentication is now separated from authorization in Spring Security. This class is only used by now-deprecated components. There is not yet an equivalent replacement in Spring Security.

RunAsImplAuthenticationProvider() - Constructor for class org.springframework.security.access.intercept.RunAsImplAuthenticationProvider

Deprecated.

runAsManager() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

Deprecated.

Provide a custom RunAsManager for the default implementation of GlobalMethodSecurityConfiguration.methodSecurityInterceptor(MethodSecurityMetadataSource).

RunAsManager - Interface in org.springframework.security.access.intercept

Deprecated.

Authentication is now separated from authorization in Spring Security. This class is only used by now-deprecated components. There is not yet an equivalent replacement in Spring Security.

RunAsManagerImpl - Class in org.springframework.security.access.intercept

Deprecated.

Authentication is now separated from authorization in Spring Security. This class is only used by now-deprecated components. There is not yet an equivalent replacement in Spring Security.

RunAsManagerImpl() - Constructor for class org.springframework.security.access.intercept.RunAsManagerImpl

Deprecated.

RunAsUserToken - Class in org.springframework.security.access.intercept

Deprecated.

Authentication is now separated from authorization in Spring Security. This class is only used by now-deprecated components. There is not yet an equivalent replacement in Spring Security.

RunAsUserToken(String, Object, Object, Collection<? extends GrantedAuthority>, Class<? extends Authentication>) - Constructor for class org.springframework.security.access.intercept.RunAsUserToken

Deprecated.

S

SAME_ORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy

SAME_ORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy

SAME_ORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy

SAME_ORIGIN - Enum constant in enum class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy

SAME_ORIGIN - Enum constant in enum class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy

SAME_ORIGIN - Enum constant in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy

SAME_ORIGIN_ALLOW_POPUPS - Enum constant in enum class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy

SAME_ORIGIN_ALLOW_POPUPS - Enum constant in enum class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy

SAME_SITE - Enum constant in enum class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy

SAME_SITE - Enum constant in enum class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy

sameOrigin() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig

Specify to allow any request that comes from the same origin to frame this application.

SAMEORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode

SAMEORIGIN - Enum constant in enum class org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter.Mode

A browser receiving content with this header field MUST NOT display this content in any frame from a page of different origin than the content itself.

sameOriginDisabled() - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

Deprecated.

Determines if a CSRF token is required for connecting.

SAML_REQUEST - Static variable in class org.springframework.security.saml2.core.Saml2ParameterNames

SAMLRequest - used to request authentication or request logout

SAML_RESPONSE - Static variable in class org.springframework.security.saml2.core.Saml2ParameterNames

SAMLResponse - used to respond to an authentication or logout request

SAML2_LOGIN - Static variable in class org.springframework.security.config.Elements

SAML2_LOGOUT - Static variable in class org.springframework.security.config.Elements

Saml2AuthenticatedPrincipal - Interface in org.springframework.security.saml2.provider.service.authentication

Saml2 representation of an AuthenticatedPrincipal.

Saml2Authentication - Class in org.springframework.security.saml2.provider.service.authentication

An implementation of an AbstractAuthenticationToken that represents an authenticated SAML 2.0 Authentication.

Saml2Authentication(AuthenticatedPrincipal, String, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.saml2.provider.service.authentication.Saml2Authentication

Construct a Saml2Authentication using the provided parameters

Saml2AuthenticationException - Exception in org.springframework.security.saml2.provider.service.authentication

This exception is thrown for all SAML 2.0 related Authentication errors.

Saml2AuthenticationException(Saml2Error) - Constructor for exception org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException

Constructs a Saml2AuthenticationException using the provided parameters.

Saml2AuthenticationException(Saml2Error, String) - Constructor for exception org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException

Constructs a Saml2AuthenticationException using the provided parameters.

Saml2AuthenticationException(Saml2Error, String, Throwable) - Constructor for exception org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException

Constructs a Saml2AuthenticationException using the provided parameters.

Saml2AuthenticationException(Saml2Error, Throwable) - Constructor for exception org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException

Constructs a Saml2AuthenticationException using the provided parameters.

Saml2AuthenticationRequestRepository<T extends AbstractSaml2AuthenticationRequest> - Interface in org.springframework.security.saml2.provider.service.web

A repository for AbstractSaml2AuthenticationRequest

Saml2AuthenticationRequestResolver - Interface in org.springframework.security.saml2.provider.service.web.authentication

A strategy for resolving a SAML 2.0 Authentication Request from the HttpServletRequest.

Saml2AuthenticationToken - Class in org.springframework.security.saml2.provider.service.authentication

Represents an incoming SAML 2.0 response containing an assertion that has not been validated.

Saml2AuthenticationToken(RelyingPartyRegistration, String) - Constructor for class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken

Creates a Saml2AuthenticationToken with the provided parameters Note that the given RelyingPartyRegistration should have all its templates resolved at this point.

Saml2AuthenticationToken(RelyingPartyRegistration, String, AbstractSaml2AuthenticationRequest) - Constructor for class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken

Creates a Saml2AuthenticationToken with the provided parameters.

Saml2AuthenticationTokenConverter - Class in org.springframework.security.saml2.provider.service.web

An AuthenticationConverter that generates a Saml2AuthenticationToken appropriate for authenticated a SAML 2.0 Assertion against an AuthenticationManager.

Saml2AuthenticationTokenConverter(RelyingPartyRegistrationResolver) - Constructor for class org.springframework.security.saml2.provider.service.web.Saml2AuthenticationTokenConverter

Constructs a Saml2AuthenticationTokenConverter given a strategy for resolving RelyingPartyRegistrations

Saml2Error - Class in org.springframework.security.saml2.core

A representation of an SAML 2.0 Error.

Saml2Error(String, String) - Constructor for class org.springframework.security.saml2.core.Saml2Error

Constructs a Saml2Error using the provided parameters.

Saml2ErrorCodes - Class in org.springframework.security.saml2.core

A list of SAML known 2 error codes used during SAML authentication.

Saml2Exception - Exception in org.springframework.security.saml2

Saml2Exception(String) - Constructor for exception org.springframework.security.saml2.Saml2Exception

Saml2Exception(String, Throwable) - Constructor for exception org.springframework.security.saml2.Saml2Exception

Saml2Exception(Throwable) - Constructor for exception org.springframework.security.saml2.Saml2Exception

Saml2Jackson2Module - Class in org.springframework.security.saml2.jackson2

Jackson module for saml2-service-provider.

Saml2Jackson2Module() - Constructor for class org.springframework.security.saml2.jackson2.Saml2Jackson2Module

saml2Login() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HttpSecurity.saml2Login(Customizer) or saml2Login(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

saml2Login(Customizer<Saml2LoginConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configures authentication support using an SAML 2.0 Service Provider.

Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>> - Class in org.springframework.security.config.annotation.web.configurers.saml2

An AbstractHttpConfigurer for SAML 2.0 Login, which leverages the SAML 2.0 Web Browser Single Sign On (WebSSO) Flow.

Saml2LoginConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer

saml2Logout() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HttpSecurity.saml2Logout(Customizer) or saml2Logout(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

saml2Logout(Customizer<Saml2LogoutConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configures logout support for an SAML 2.0 Relying Party.

Saml2LogoutConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers.saml2

Adds SAML 2.0 logout support.

Saml2LogoutConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer

Creates a new instance

Saml2LogoutConfigurer.LogoutRequestConfigurer - Class in org.springframework.security.config.annotation.web.configurers.saml2

A configurer for SAML 2.0 LogoutRequest components

Saml2LogoutConfigurer.LogoutResponseConfigurer - Class in org.springframework.security.config.annotation.web.configurers.saml2

Saml2LogoutRequest - Class in org.springframework.security.saml2.provider.service.authentication.logout

A class that represents a signed and serialized SAML 2.0 Logout Request

Saml2LogoutRequest.Builder - Class in org.springframework.security.saml2.provider.service.authentication.logout

Saml2LogoutRequestFilter - Class in org.springframework.security.saml2.provider.service.web.authentication.logout

A filter for handling logout requests in the form of a <saml2:LogoutRequest> sent from the asserting party.

Saml2LogoutRequestFilter(Saml2LogoutRequestValidatorParametersResolver, Saml2LogoutRequestValidator, Saml2LogoutResponseResolver, LogoutHandler...) - Constructor for class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestFilter

Saml2LogoutRequestFilter(RelyingPartyRegistrationResolver, Saml2LogoutRequestValidator, Saml2LogoutResponseResolver, LogoutHandler...) - Constructor for class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestFilter

Constructs a Saml2LogoutResponseFilter for accepting SAML 2.0 Logout Requests from the asserting party

Saml2LogoutRequestRepository - Interface in org.springframework.security.saml2.provider.service.web.authentication.logout

Implementations of this interface are responsible for the persistence of Saml2LogoutRequest between requests.

Saml2LogoutRequestResolver - Interface in org.springframework.security.saml2.provider.service.web.authentication.logout

Creates a signed SAML 2.0 Logout Request based on information from the HttpServletRequest and current Authentication.

Saml2LogoutRequestValidator - Interface in org.springframework.security.saml2.provider.service.authentication.logout

Validates SAML 2.0 Logout Requests

Saml2LogoutRequestValidatorParameters - Class in org.springframework.security.saml2.provider.service.authentication.logout

A holder of the parameters needed to invoke Saml2LogoutRequestValidator

Saml2LogoutRequestValidatorParameters(Saml2LogoutRequest, RelyingPartyRegistration, Authentication) - Constructor for class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidatorParameters

Construct a Saml2LogoutRequestValidatorParameters

Saml2LogoutRequestValidatorParametersResolver - Interface in org.springframework.security.saml2.provider.service.web.authentication.logout

Resolved a SAML 2.0 Logout Request and associated validation parameters from the given HttpServletRequest and current Authentication.

Saml2LogoutResponse - Class in org.springframework.security.saml2.provider.service.authentication.logout

A class that represents a signed and serialized SAML 2.0 Logout Response

Saml2LogoutResponse.Builder - Class in org.springframework.security.saml2.provider.service.authentication.logout

Saml2LogoutResponseFilter - Class in org.springframework.security.saml2.provider.service.web.authentication.logout

A filter for handling a <saml2:LogoutResponse> sent from the asserting party.

Saml2LogoutResponseFilter(RelyingPartyRegistrationRepository, Saml2LogoutResponseValidator, LogoutSuccessHandler) - Constructor for class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseFilter

Saml2LogoutResponseFilter(RelyingPartyRegistrationResolver, Saml2LogoutResponseValidator, LogoutSuccessHandler) - Constructor for class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseFilter

Constructs a Saml2LogoutResponseFilter for accepting SAML 2.0 Logout Responses from the asserting party

Saml2LogoutResponseResolver - Interface in org.springframework.security.saml2.provider.service.web.authentication.logout

Creates a signed SAML 2.0 Logout Response based on information from the HttpServletRequest and current Authentication.

Saml2LogoutResponseValidator - Interface in org.springframework.security.saml2.provider.service.authentication.logout

Validates SAML 2.0 Logout Responses

Saml2LogoutResponseValidatorParameters - Class in org.springframework.security.saml2.provider.service.authentication.logout

A holder of the parameters needed to invoke Saml2LogoutResponseValidator

Saml2LogoutResponseValidatorParameters(Saml2LogoutResponse, Saml2LogoutRequest, RelyingPartyRegistration) - Constructor for class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponseValidatorParameters

Construct a Saml2LogoutRequestValidatorParameters

Saml2LogoutValidatorResult - Class in org.springframework.security.saml2.provider.service.authentication.logout

A result emitted from a SAML 2.0 Logout validation attempt

Saml2LogoutValidatorResult.Builder - Class in org.springframework.security.saml2.provider.service.authentication.logout

Saml2MessageBinding - Enum Class in org.springframework.security.saml2.provider.service.registration

The type of bindings that messages are exchanged using Supported bindings are urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST and urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect.

saml2Metadata() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HttpSecurity.saml2Metadata(Customizer) or saml2Metadata(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

saml2Metadata(Customizer<Saml2MetadataConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configures a SAML 2.0 metadata endpoint that presents relying party configurations in an <md:EntityDescriptor> payload.

Saml2MetadataConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers.saml2

An AbstractHttpConfigurer for SAML 2.0 Metadata.

Saml2MetadataConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.saml2.Saml2MetadataConfigurer

Saml2MetadataFilter - Class in org.springframework.security.saml2.provider.service.web

A Filter that returns the metadata for a Relying Party

Saml2MetadataFilter(Saml2MetadataResponseResolver) - Constructor for class org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter

Constructs an instance of Saml2MetadataFilter

Saml2MetadataFilter(RelyingPartyRegistrationRepository, Saml2MetadataResolver) - Constructor for class org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter

Constructs an instance of Saml2MetadataFilter using the provided parameters.

Saml2MetadataFilter(RelyingPartyRegistrationResolver, Saml2MetadataResolver) - Constructor for class org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter

Saml2MetadataResolver - Interface in org.springframework.security.saml2.provider.service.metadata

Resolves the SAML 2.0 Relying Party Metadata for a given RelyingPartyRegistration

Saml2MetadataResponse - Class in org.springframework.security.saml2.provider.service.metadata

Saml2MetadataResponse(String, String) - Constructor for class org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResponse

Saml2MetadataResponseResolver - Interface in org.springframework.security.saml2.provider.service.metadata

Resolves Relying Party SAML 2.0 Metadata given details from the HttpServletRequest.

Saml2ParameterNames - Class in org.springframework.security.saml2.core

Standard parameter names defined in the SAML 2.0 Specification and used by the Authentication Request, Assertion Consumer Response, Logout Request, and Logout Response endpoints.

Saml2PostAuthenticationRequest - Class in org.springframework.security.saml2.provider.service.authentication

Data holder for information required to send an AuthNRequest over a POST binding from the service provider to the identity provider https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf (line 2031)

Saml2PostAuthenticationRequest.Builder - Class in org.springframework.security.saml2.provider.service.authentication

Builder class for a Saml2PostAuthenticationRequest object.

Saml2RedirectAuthenticationRequest - Class in org.springframework.security.saml2.provider.service.authentication

Data holder for information required to send an AuthNRequest over a REDIRECT binding from the service provider to the identity provider https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf (line 2031)

Saml2RedirectAuthenticationRequest.Builder - Class in org.springframework.security.saml2.provider.service.authentication

Builder class for a Saml2RedirectAuthenticationRequest object.

Saml2RelyingPartyInitiatedLogoutSuccessHandler - Class in org.springframework.security.saml2.provider.service.web.authentication.logout

A success handler for issuing a SAML 2.0 Logout Request to the SAML 2.0 Asserting Party

Saml2RelyingPartyInitiatedLogoutSuccessHandler(Saml2LogoutRequestResolver) - Constructor for class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2RelyingPartyInitiatedLogoutSuccessHandler

Constructs a Saml2RelyingPartyInitiatedLogoutSuccessHandler using the provided parameters

Saml2ResponseValidatorResult - Class in org.springframework.security.saml2.core

A result emitted from a SAML 2.0 Response validation attempt

Saml2WebSsoAuthenticationFilter - Class in org.springframework.security.saml2.provider.service.web.authentication

Saml2WebSsoAuthenticationFilter(RelyingPartyRegistrationRepository) - Constructor for class org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter

Creates a Saml2WebSsoAuthenticationFilter authentication filter that is configured to use the Saml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI processing URL

Saml2WebSsoAuthenticationFilter(RelyingPartyRegistrationRepository, String) - Constructor for class org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter

Creates a Saml2WebSsoAuthenticationFilter authentication filter

Saml2WebSsoAuthenticationFilter(AuthenticationConverter) - Constructor for class org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter

Creates a Saml2WebSsoAuthenticationFilter that is configured to use the Saml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI processing URL

Saml2WebSsoAuthenticationFilter(AuthenticationConverter, String) - Constructor for class org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter

Creates a Saml2WebSsoAuthenticationFilter given the provided parameters

Saml2WebSsoAuthenticationRequestFilter - Class in org.springframework.security.saml2.provider.service.web

This Filter formulates a SAML 2.0 AuthnRequest (line 1968) and redirects to a configured asserting party.

Saml2WebSsoAuthenticationRequestFilter(Saml2AuthenticationRequestResolver) - Constructor for class org.springframework.security.saml2.provider.service.web.Saml2WebSsoAuthenticationRequestFilter

Construct a Saml2WebSsoAuthenticationRequestFilter with the strategy for resolving the AuthnRequest

Saml2X509Credential - Class in org.springframework.security.saml2.core

An object for holding a public certificate, any associated private key, and its intended usages (Line 584, Section 4.3 Credentials).

Saml2X509Credential(X509Certificate, Saml2X509Credential.Saml2X509CredentialType...) - Constructor for class org.springframework.security.saml2.core.Saml2X509Credential

Creates a Saml2X509Credential using the provided parameters

Saml2X509Credential(PrivateKey, X509Certificate, Set<Saml2X509Credential.Saml2X509CredentialType>) - Constructor for class org.springframework.security.saml2.core.Saml2X509Credential

Creates a Saml2X509Credential using the provided parameters

Saml2X509Credential(PrivateKey, X509Certificate, Saml2X509Credential.Saml2X509CredentialType...) - Constructor for class org.springframework.security.saml2.core.Saml2X509Credential

Creates a Saml2X509Credential using the provided parameters

Saml2X509Credential.Saml2X509CredentialType - Enum Class in org.springframework.security.saml2.core

samlRequest(String) - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest.Builder

Sets the SAMLRequest parameter that will accompany this AuthNRequest

samlRequest(String) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.Builder

Use this signed and serialized and Base64-encoded <saml2:LogoutRequest> Note that if using the Redirect binding, the value should be deflated and then Base64-encoded.

samlResponse(String) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse.Builder

Use this signed and serialized and Base64-encoded <saml2:LogoutResponse> Note that if using the Redirect binding, the value should be deflated and then Base64-encoded.

SamlServiceProperties - Class in org.springframework.security.cas

Sets the appropriate parameters for CAS's implementation of SAML (which is not guaranteed to be actually SAML compliant).

SamlServiceProperties() - Constructor for class org.springframework.security.cas.SamlServiceProperties

save(HttpServletRequest, HttpServletResponse, PublicKeyCredentialCreationOptions) - Method in class org.springframework.security.web.webauthn.registration.HttpSessionPublicKeyCredentialCreationOptionsRepository

save(HttpServletRequest, HttpServletResponse, PublicKeyCredentialCreationOptions) - Method in interface org.springframework.security.web.webauthn.registration.PublicKeyCredentialCreationOptionsRepository

Saves the provided PublicKeyCredentialCreationOptions or clears an existing PublicKeyCredentialCreationOptions if options is null.

save(HttpServletRequest, HttpServletResponse, PublicKeyCredentialRequestOptions) - Method in class org.springframework.security.web.webauthn.authentication.HttpSessionPublicKeyCredentialRequestOptionsRepository

save(HttpServletRequest, HttpServletResponse, PublicKeyCredentialRequestOptions) - Method in interface org.springframework.security.web.webauthn.authentication.PublicKeyCredentialRequestOptionsRepository

Saves the provided PublicKeyCredentialRequestOptions or clears an existing PublicKeyCredentialRequestOptions if options is null.

save(CredentialRecord) - Method in class org.springframework.security.web.webauthn.management.MapUserCredentialRepository

save(CredentialRecord) - Method in interface org.springframework.security.web.webauthn.management.UserCredentialRepository

Saves a CredentialRecord

save(PublicKeyCredentialUserEntity) - Method in class org.springframework.security.web.webauthn.management.MapPublicKeyCredentialUserEntityRepository

save(PublicKeyCredentialUserEntity) - Method in interface org.springframework.security.web.webauthn.management.PublicKeyCredentialUserEntityRepository

Saves the PublicKeyCredentialUserEntity to the associated username.

save(ServerWebExchange, SecurityContext) - Method in class org.springframework.security.web.server.context.NoOpServerSecurityContextRepository

save(ServerWebExchange, SecurityContext) - Method in interface org.springframework.security.web.server.context.ServerSecurityContextRepository

Saves the SecurityContext

save(ServerWebExchange, SecurityContext) - Method in class org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository

saveAuthenticationRequest(AbstractSaml2AuthenticationRequest, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.saml2.provider.service.web.HttpSessionSaml2AuthenticationRequestRepository

saveAuthenticationRequest(T, HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestRepository

Saves the current authentication request using the HttpServletRequest and HttpServletResponse

saveAuthorizationRequest(OAuth2AuthorizationRequest, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository

saveAuthorizationRequest(OAuth2AuthorizationRequest, ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.WebSessionOAuth2ServerAuthorizationRequestRepository

saveAuthorizationRequest(T, HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.oauth2.client.web.AuthorizationRequestRepository

Persists the OAuth2AuthorizationRequest associating it to the provided HttpServletRequest and/or HttpServletResponse.

saveAuthorizationRequest(T, ServerWebExchange) - Method in interface org.springframework.security.oauth2.client.web.server.ServerAuthorizationRequestRepository

Persists the OAuth2AuthorizationRequest associating it to the provided HttpServletRequest and/or HttpServletResponse.

saveAuthorizedClient(OAuth2AuthorizedClient, Authentication) - Method in class org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService

saveAuthorizedClient(OAuth2AuthorizedClient, Authentication) - Method in class org.springframework.security.oauth2.client.InMemoryReactiveOAuth2AuthorizedClientService

saveAuthorizedClient(OAuth2AuthorizedClient, Authentication) - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService

saveAuthorizedClient(OAuth2AuthorizedClient, Authentication) - Method in interface org.springframework.security.oauth2.client.OAuth2AuthorizedClientService

Saves the OAuth2AuthorizedClient associating it to the provided End-User Authentication (Resource Owner).

saveAuthorizedClient(OAuth2AuthorizedClient, Authentication) - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService

saveAuthorizedClient(OAuth2AuthorizedClient, Authentication) - Method in interface org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService

Saves the OAuth2AuthorizedClient associating it to the provided End-User Authentication (Resource Owner).

saveAuthorizedClient(OAuth2AuthorizedClient, Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository

saveAuthorizedClient(OAuth2AuthorizedClient, Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizedClientRepository

saveAuthorizedClient(OAuth2AuthorizedClient, Authentication, HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository

Saves the OAuth2AuthorizedClient associating it to the provided End-User Authentication (Resource Owner).

saveAuthorizedClient(OAuth2AuthorizedClient, Authentication, ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository

saveAuthorizedClient(OAuth2AuthorizedClient, Authentication, ServerWebExchange) - Method in interface org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository

Saves the OAuth2AuthorizedClient associating it to the provided End-User Authentication (Resource Owner).

saveAuthorizedClient(OAuth2AuthorizedClient, Authentication, ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.WebSessionServerOAuth2AuthorizedClientRepository

saveContext(SecurityContext) - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper

Deprecated.

Implements the logic for storing the security context.

saveContext(SecurityContext, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.context.DelegatingSecurityContextRepository

saveContext(SecurityContext, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository

saveContext(SecurityContext, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.context.NullSecurityContextRepository

saveContext(SecurityContext, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.context.RequestAttributeSecurityContextRepository

saveContext(SecurityContext, HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.context.SecurityContextRepository

Stores the security context on completion of a request.

SaveContextOnUpdateOrErrorResponseWrapper - Class in org.springframework.security.web.context

Deprecated.

Use SecurityContextRepository.loadDeferredContext(HttpServletRequest) instead.

SaveContextOnUpdateOrErrorResponseWrapper(HttpServletResponse, boolean) - Constructor for class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper

Deprecated.

SavedCookie - Class in org.springframework.security.web.savedrequest

Stores off the values of a cookie in a serializable holder

SavedCookie(Cookie) - Constructor for class org.springframework.security.web.savedrequest.SavedCookie

SavedCookie(String, String, String, int, String, boolean) - Constructor for class org.springframework.security.web.savedrequest.SavedCookie

SavedCookie(String, String, String, String, int, String, boolean, int) - Constructor for class org.springframework.security.web.savedrequest.SavedCookie

Deprecated, for removal: This API element is subject to removal in a future version.

use SavedCookie(String, String, String, int, String, boolean) instead

SavedRequest - Interface in org.springframework.security.web.savedrequest

Encapsulates the functionality required of a cached request for both an authentication mechanism (typically form-based login) to redirect to the original URL and for a RequestCache to build a wrapped request, reproducing the original request data.

SavedRequestAwareAuthenticationSuccessHandler - Class in org.springframework.security.web.authentication

An authentication success strategy which can make use of the DefaultSavedRequest which may have been stored in the session by the ExceptionTranslationFilter.

SavedRequestAwareAuthenticationSuccessHandler() - Constructor for class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler

saveException(HttpServletRequest, AuthenticationException) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler

Caches the AuthenticationException for use in view rendering.

saveLogoutRequest(Saml2LogoutRequest, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.HttpSessionLogoutRequestRepository

Persists the Saml2LogoutRequest associating it to the provided HttpServletRequest and/or HttpServletResponse.

saveLogoutRequest(Saml2LogoutRequest, HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestRepository

Persists the Saml2LogoutRequest associating it to the provided HttpServletRequest and/or HttpServletResponse.

saveRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.CookieRequestCache

saveRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache

Stores the current request, provided the configuration properties allow it.

saveRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.NullRequestCache

saveRequest(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.savedrequest.RequestCache

Caches the current request for later retrieval, once authentication has taken place.

saveRequest(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.CookieServerRequestCache

saveRequest(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.NoOpServerRequestCache

saveRequest(ServerWebExchange) - Method in interface org.springframework.security.web.server.savedrequest.ServerRequestCache

Save the ServerHttpRequest

saveRequest(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache

saveSessionInformation(ReactiveSessionInformation) - Method in class org.springframework.security.core.session.InMemoryReactiveSessionRegistry

saveSessionInformation(ReactiveSessionInformation) - Method in interface org.springframework.security.core.session.ReactiveSessionRegistry

Saves the ReactiveSessionInformation

saveSessionInformation(OidcSessionInformation) - Method in class org.springframework.security.oauth2.client.oidc.server.session.InMemoryReactiveOidcSessionRegistry

saveSessionInformation(OidcSessionInformation) - Method in interface org.springframework.security.oauth2.client.oidc.server.session.ReactiveOidcSessionRegistry

Register a OIDC Provider session with the provided client session.

saveSessionInformation(OidcSessionInformation) - Method in class org.springframework.security.oauth2.client.oidc.session.InMemoryOidcSessionRegistry

saveSessionInformation(OidcSessionInformation) - Method in interface org.springframework.security.oauth2.client.oidc.session.OidcSessionRegistry

Register a OIDC Provider session with the provided client session.

saveToken(CsrfToken, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository

saveToken(CsrfToken, HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.csrf.CsrfTokenRepository

Saves the CsrfToken using the HttpServletRequest and HttpServletResponse.

saveToken(CsrfToken, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository

saveToken(CsrfToken, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.csrf.LazyCsrfTokenRepository

Deprecated.

Does nothing if the CsrfToken is not null.

saveToken(ServerWebExchange, CsrfToken) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository

saveToken(ServerWebExchange, CsrfToken) - Method in interface org.springframework.security.web.server.csrf.ServerCsrfTokenRepository

Saves the CsrfToken using the ServerWebExchange.

saveToken(ServerWebExchange, CsrfToken) - Method in class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository

scan(Method, Class<?>) - Method in interface org.springframework.security.core.annotation.SecurityAnnotationScanner

Scan for an annotation of type A, starting from the given method.

scan(Parameter) - Method in interface org.springframework.security.core.annotation.SecurityAnnotationScanner

Scan for an annotation of type A, starting from the given method parameter.

schedule(Runnable, long, TimeUnit) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextScheduledExecutorService

schedule(Runnable, Instant) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler

schedule(Runnable, Date) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler

schedule(Runnable, Trigger) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler

schedule(Callable<V>, long, TimeUnit) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextScheduledExecutorService

scheduleAtFixedRate(Runnable, long) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler

scheduleAtFixedRate(Runnable, long, long, TimeUnit) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextScheduledExecutorService

scheduleAtFixedRate(Runnable, Duration) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler

scheduleAtFixedRate(Runnable, Instant, Duration) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler

scheduleAtFixedRate(Runnable, Date, long) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler

scheduleWithFixedDelay(Runnable, long) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler

scheduleWithFixedDelay(Runnable, long, long, TimeUnit) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextScheduledExecutorService

scheduleWithFixedDelay(Runnable, Duration) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler

scheduleWithFixedDelay(Runnable, Instant, Duration) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler

scheduleWithFixedDelay(Runnable, Date, long) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler

scope(String...) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder

Sets the scope(s) used for the client.

scope(String...) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder

Sets the scope(s).

scope(Collection<String>) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder

Sets the scope(s) used for the client.

SCOPE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

scope - used in Authorization Request, Authorization Response, Access Token Request and Access Token Response.

SCOPE - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames

scope - The scopes for the token

scopes(Set<String>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse.Builder

Sets the scope(s) associated to the access token.

scopes(Set<String>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder

Sets the scope(s).

SCryptPasswordEncoder - Class in org.springframework.security.crypto.scrypt

Implementation of PasswordEncoder that uses the SCrypt hashing function.

SCryptPasswordEncoder(int, int, int, int, int) - Constructor for class org.springframework.security.crypto.scrypt.SCryptPasswordEncoder

Constructs a SCrypt password encoder with the provided parameters.

searchForMultipleAttributeValues(String, String, Object[], String[]) - Method in class org.springframework.security.ldap.SpringSecurityLdapTemplate

Performs a search using the supplied filter and returns the values of each named attribute found in all entries matched by the search.

searchForSingleAttributeValues(String, String, Object[], String) - Method in class org.springframework.security.ldap.SpringSecurityLdapTemplate

Performs a search using the supplied filter and returns the union of the values of the named attribute found in all entries matched by the search.

searchForSingleEntry(String, String, Object[]) - Method in class org.springframework.security.ldap.SpringSecurityLdapTemplate

Performs a search, with the requirement that the search shall return a single directory entry, and uses the supplied mapper to create the object from that entry.

searchForSingleEntryInternal(DirContext, SearchControls, String, String, Object[]) - Static method in class org.springframework.security.ldap.SpringSecurityLdapTemplate

Internal method extracted to avoid code duplication in AD search.

searchForUser(String) - Method in class org.springframework.security.ldap.search.FilterBasedLdapUserSearch

Return the LdapUserDetails containing the user's information

searchForUser(String) - Method in interface org.springframework.security.ldap.search.LdapUserSearch

Locates a single user in the directory and returns the LDAP information for that user.

SECURE_RESULT - Enum constant in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder

SecureChannelProcessor - Class in org.springframework.security.web.access.channel

Ensures channel security is active by review of HttpServletRequest.isSecure() responses.

SecureChannelProcessor() - Constructor for class org.springframework.security.web.access.channel.SecureChannelProcessor

secured() - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor

Creates an interceptor for the Secured annotation

secured(AuthorizationManager<MethodInvocation>) - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor

Creates an interceptor for the Secured annotation

secured(SecuredAuthorizationManager) - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor

Creates an interceptor for the Secured annotation

Secured - Annotation Interface in org.springframework.security.access.annotation

Java 5 annotation for describing service layer security attributes.

SECURED - Enum constant in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder

SecuredAnnotationSecurityMetadataSource - Class in org.springframework.security.access.annotation

Deprecated.

Use AuthorizationManagerBeforeMethodInterceptor.secured()

SecuredAnnotationSecurityMetadataSource() - Constructor for class org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource

Deprecated.

SecuredAnnotationSecurityMetadataSource(AnnotationMetadataExtractor) - Constructor for class org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource

Deprecated.

SecuredAuthorizationManager - Class in org.springframework.security.authorization.method

An AuthorizationManager which can determine if an Authentication may invoke the MethodInvocation by evaluating if the Authentication contains a specified authority from the Spring Security's Secured annotation.

SecuredAuthorizationManager() - Constructor for class org.springframework.security.authorization.method.SecuredAuthorizationManager

SecuredAuthorizationMethodInterceptor() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.SecuredAuthorizationMethodInterceptor

securedEnabled() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity

Deprecated.

Determines if Spring Security's Secured annotations should be enabled.

securedEnabled() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity

Determines if Spring Security's Secured annotation should be enabled.

secureRandom() - Static method in class org.springframework.security.crypto.keygen.KeyGenerators

Create a BytesKeyGenerator that uses a SecureRandom to generate keys of 8 bytes in length.

secureRandom(int) - Static method in class org.springframework.security.crypto.keygen.KeyGenerators

Create a BytesKeyGenerator that uses a SecureRandom to generate keys of a custom length.

SecureRandomFactoryBean - Class in org.springframework.security.core.token

Creates a SecureRandom instance.

SecureRandomFactoryBean() - Constructor for class org.springframework.security.core.token.SecureRandomFactoryBean

SECURITY_CONTEXT_SERVER_WEB_EXCHANGE - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder

SecurityContextServerWebExchangeWebFilter

SecurityAnnotationScanner<A extends Annotation> - Interface in org.springframework.security.core.annotation

An interface to scan for and synthesize an annotation on a type, method, or method parameter into an annotation of type <A>.

SecurityAnnotationScanners - Class in org.springframework.security.core.annotation

Factory for creating SecurityAnnotationScanner instances.

SecurityBuilder<O> - Interface in org.springframework.security.config.annotation

Interface for building an Object

securityCheck(Acl, int) - Method in interface org.springframework.security.acls.domain.AclAuthorizationStrategy

securityCheck(Acl, int) - Method in class org.springframework.security.acls.domain.AclAuthorizationStrategyImpl

SecurityConfig - Class in org.springframework.security.access

Stores a ConfigAttribute as a String.

SecurityConfig(String) - Constructor for class org.springframework.security.access.SecurityConfig

SecurityConfigurer<O,B extends SecurityBuilder<O>> - Interface in org.springframework.security.config.annotation

Allows for configuring a SecurityBuilder.

SecurityConfigurerAdapter<O,B extends SecurityBuilder<O>> - Class in org.springframework.security.config.annotation

A base class for SecurityConfigurer that allows subclasses to only implement the methods they are interested in.

SecurityConfigurerAdapter() - Constructor for class org.springframework.security.config.annotation.SecurityConfigurerAdapter

securityContext() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HttpSecurity.securityContext(Customizer) or securityContext(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

securityContext(Customizer<SecurityContextConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Sets up management of the SecurityContext on the SecurityContextHolder between HttpServletRequest's.

securityContext(SecurityContext) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors

Establish the specified SecurityContext to be used.

SecurityContext - Interface in org.springframework.security.core.context

Interface defining the minimum security information associated with the current thread of execution.

SecurityContextCallableProcessingInterceptor - Class in org.springframework.security.web.context.request.async

Allows for integration with Spring MVC's Callable support.

SecurityContextCallableProcessingInterceptor() - Constructor for class org.springframework.security.web.context.request.async.SecurityContextCallableProcessingInterceptor

Create a new SecurityContextCallableProcessingInterceptor that uses the SecurityContext from the SecurityContextHolder at the time SecurityContextCallableProcessingInterceptor.beforeConcurrentHandling(NativeWebRequest, Callable) is invoked.

SecurityContextCallableProcessingInterceptor(SecurityContext) - Constructor for class org.springframework.security.web.context.request.async.SecurityContextCallableProcessingInterceptor

Creates a new SecurityContextCallableProcessingInterceptor with the specified SecurityContext.

securityContextChanged(SecurityContextChangedEvent) - Method in class org.springframework.security.core.context.ObservationSecurityContextChangedListener

securityContextChanged(SecurityContextChangedEvent) - Method in interface org.springframework.security.core.context.SecurityContextChangedListener

SecurityContextChangedEvent - Class in org.springframework.security.core.context

An event that represents a change in SecurityContext

SecurityContextChangedEvent(Supplier<SecurityContext>, Supplier<SecurityContext>) - Constructor for class org.springframework.security.core.context.SecurityContextChangedEvent

Construct an event

SecurityContextChangedEvent(SecurityContext, SecurityContext) - Constructor for class org.springframework.security.core.context.SecurityContextChangedEvent

Construct an event

SecurityContextChangedListener - Interface in org.springframework.security.core.context

A listener for SecurityContextChangedEvents

securityContextChannelInterceptor() - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

Deprecated.

SecurityContextChannelInterceptor - Class in org.springframework.security.messaging.context

Creates a ExecutorChannelInterceptor that will obtain the Authentication from the specified Message.getHeaders().

SecurityContextChannelInterceptor() - Constructor for class org.springframework.security.messaging.context.SecurityContextChannelInterceptor

Creates a new instance using the header of the name SimpMessageHeaderAccessor.USER_HEADER.

SecurityContextChannelInterceptor(String) - Constructor for class org.springframework.security.messaging.context.SecurityContextChannelInterceptor

Creates a new instance that uses the specified header to obtain the Authentication.

SecurityContextConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Allows persisting and restoring of the SecurityContext found on the SecurityContextHolder for each request by configuring the SecurityContextPersistenceFilter.

SecurityContextConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.SecurityContextConfigurer

Creates a new instance

SecurityContextHolder - Class in org.springframework.security.core.context

Associates a given SecurityContext with the current execution thread.

SecurityContextHolder() - Constructor for class org.springframework.security.core.context.SecurityContextHolder

SecurityContextHolderAwareRequestFilter - Class in org.springframework.security.web.servletapi

A Filter which populates the ServletRequest with a request wrapper which implements the servlet API security methods.

SecurityContextHolderAwareRequestFilter() - Constructor for class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter

SecurityContextHolderAwareRequestWrapper - Class in org.springframework.security.web.servletapi

A Spring Security-aware HttpServletRequestWrapper, which uses the SecurityContext-defined Authentication object to implement the servlet API security methods: SecurityContextHolderAwareRequestWrapper.getUserPrincipal() SecurityContextHolderAwareRequestWrapper.isUserInRole(String) HttpServletRequestWrapper.getRemoteUser().

SecurityContextHolderAwareRequestWrapper(HttpServletRequest, String) - Constructor for class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper

Creates a new instance with AuthenticationTrustResolverImpl.

SecurityContextHolderAwareRequestWrapper(HttpServletRequest, AuthenticationTrustResolver, String) - Constructor for class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper

Creates a new instance

SecurityContextHolderFilter - Class in org.springframework.security.web.context

A Filter that uses the SecurityContextRepository to obtain the SecurityContext and set it on the SecurityContextHolder.

SecurityContextHolderFilter(SecurityContextRepository) - Constructor for class org.springframework.security.web.context.SecurityContextHolderFilter

Creates a new instance.

SecurityContextHolderPrincipalResolver - Class in org.springframework.security.oauth2.client.web.client

A strategy for resolving a principal from an intercepted request using the SecurityContextHolder.

SecurityContextHolderPrincipalResolver() - Constructor for class org.springframework.security.oauth2.client.web.client.SecurityContextHolderPrincipalResolver

Constructs a SecurityContextHolderPrincipalResolver.

SecurityContextHolderPrincipalResolver(SecurityContextHolderStrategy) - Constructor for class org.springframework.security.oauth2.client.web.client.SecurityContextHolderPrincipalResolver

Constructs a SecurityContextHolderPrincipalResolver using the provided parameters.

SecurityContextHolderStrategy - Interface in org.springframework.security.core.context

A strategy for storing security context information against a thread.

SecurityContextImpl - Class in org.springframework.security.core.context

Base implementation of SecurityContext.

SecurityContextImpl() - Constructor for class org.springframework.security.core.context.SecurityContextImpl

SecurityContextImpl(Authentication) - Constructor for class org.springframework.security.core.context.SecurityContextImpl

SecurityContextLoginModule - Class in org.springframework.security.authentication.jaas

An implementation of LoginModule that uses a Spring Security SecurityContext to provide authentication.

SecurityContextLoginModule() - Constructor for class org.springframework.security.authentication.jaas.SecurityContextLoginModule

SecurityContextLogoutHandler - Class in org.springframework.security.web.authentication.logout

Performs a logout by modifying the SecurityContextHolder.

SecurityContextLogoutHandler() - Constructor for class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler

SecurityContextPersistenceFilter - Class in org.springframework.security.web.context

Deprecated.

Use SecurityContextHolderFilter

SecurityContextPersistenceFilter() - Constructor for class org.springframework.security.web.context.SecurityContextPersistenceFilter

Deprecated.

SecurityContextPersistenceFilter(SecurityContextRepository) - Constructor for class org.springframework.security.web.context.SecurityContextPersistenceFilter

Deprecated.

SecurityContextPropagationChannelInterceptor - Class in org.springframework.security.messaging.context

An ExecutorChannelInterceptor that takes an Authentication from the current SecurityContext (if any) in the SecurityContextPropagationChannelInterceptor.preSend(Message, MessageChannel) callback and stores it into an SecurityContextPropagationChannelInterceptor.authenticationHeaderName message header.

SecurityContextPropagationChannelInterceptor() - Constructor for class org.springframework.security.messaging.context.SecurityContextPropagationChannelInterceptor

Create a new instance using the header of the name SimpMessageHeaderAccessor.USER_HEADER.

SecurityContextPropagationChannelInterceptor(String) - Constructor for class org.springframework.security.messaging.context.SecurityContextPropagationChannelInterceptor

Create a new instance that uses the specified header to populate the Authentication.

securityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

securityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer

Specifies a custom SecurityContextRepository to use for basic authentication.

securityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.config.annotation.web.configurers.SecurityContextConfigurer

Specifies the shared SecurityContextRepository that is to be used

securityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec

The ServerSecurityContextRepository used to save the Authentication.

securityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec

The ServerSecurityContextRepository used to save the Authentication.

securityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec

The ServerSecurityContextRepository used to save the Authentication.

securityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec

The ServerSecurityContextRepository used to save the Authentication.

securityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

The strategy used with ReactorContextWebFilter.

SecurityContextRepository - Interface in org.springframework.security.web.context

Strategy used for persisting a SecurityContext between requests.

SecurityContextServerLogoutHandler - Class in org.springframework.security.web.server.authentication.logout

A ServerLogoutHandler which removes the SecurityContext using the provided ServerSecurityContextRepository

SecurityContextServerLogoutHandler() - Constructor for class org.springframework.security.web.server.authentication.logout.SecurityContextServerLogoutHandler

SecurityContextServerWebExchange - Class in org.springframework.security.web.server.context

Overrides the ServerWebExchange.getPrincipal() with the provided SecurityContext

SecurityContextServerWebExchange(ServerWebExchange, Mono<SecurityContext>) - Constructor for class org.springframework.security.web.server.context.SecurityContextServerWebExchange

SecurityContextServerWebExchangeWebFilter - Class in org.springframework.security.web.server.context

Override the ServerWebExchange.getPrincipal() to be looked up using ReactiveSecurityContextHolder.

SecurityContextServerWebExchangeWebFilter() - Constructor for class org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter

SecurityDebugBeanFactoryPostProcessor - Class in org.springframework.security.config.debug

SecurityDebugBeanFactoryPostProcessor() - Constructor for class org.springframework.security.config.debug.SecurityDebugBeanFactoryPostProcessor

SecurityEvaluationContextExtension - Class in org.springframework.security.data.repository.query

By defining this object as a Bean, Spring Security is exposed as SpEL expressions for creating Spring Data queries.

SecurityEvaluationContextExtension() - Constructor for class org.springframework.security.data.repository.query.SecurityEvaluationContextExtension

Creates a new instance that uses the current Authentication found on the SecurityContextHolder.

SecurityEvaluationContextExtension(Authentication) - Constructor for class org.springframework.security.data.repository.query.SecurityEvaluationContextExtension

Creates a new instance that always uses the same Authentication object.

SecurityExpressionHandler<T> - Interface in org.springframework.security.access.expression

Facade which isolates Spring Security's requirements for evaluating security expressions from the implementation of the underlying expression objects

SecurityExpressionOperations - Interface in org.springframework.security.access.expression

Standard interface for expression root objects used with expression-based security.

SecurityExpressionRoot - Class in org.springframework.security.access.expression

Base root object for use in Spring Security expression evaluations.

SecurityExpressionRoot(Supplier<Authentication>) - Constructor for class org.springframework.security.access.expression.SecurityExpressionRoot

Creates a new instance that uses lazy initialization of the Authentication object.

SecurityExpressionRoot(Authentication) - Constructor for class org.springframework.security.access.expression.SecurityExpressionRoot

Creates a new instance

SecurityFilterChain - Interface in org.springframework.security.web

Defines a filter chain which is capable of being matched against an HttpServletRequest.

SecurityHeaders - Class in org.springframework.security.web.http

Utilities for interacting with HttpHeaders

SecurityHintsRegistrar - Interface in org.springframework.security.aot.hint

An interface for registering AOT hints.

SecurityJackson2Modules - Class in org.springframework.security.jackson2

This utility class will find all the SecurityModules in classpath.

securityMatcher(String...) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows configuring the HttpSecurity to only be invoked when matching the provided pattern.

securityMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

The ServerExchangeMatcher that determines which requests apply to this HttpSecurity instance.

securityMatcher(RequestMatcher) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows configuring the HttpSecurity to only be invoked when matching the provided RequestMatcher.

securityMatchers() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HttpSecurity.securityMatchers(Customizer) or securityMatchers(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

securityMatchers(Customizer<HttpSecurity.RequestMatcherConfigurer>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows specifying which HttpServletRequest instances this HttpSecurity will be invoked on.

SecurityMetadataSource - Interface in org.springframework.security.access

Implemented by classes that store and can identify the ConfigAttributes that applies to a given secure object invocation.

SecurityMockMvcConfigurers - Class in org.springframework.security.test.web.servlet.setup

Provides Security related MockMvcConfigurer implementations.

SecurityMockMvcRequestBuilders - Class in org.springframework.security.test.web.servlet.request

Contains Spring Security related MockMvc RequestBuilders.

SecurityMockMvcRequestBuilders.FormLoginRequestBuilder - Class in org.springframework.security.test.web.servlet.request

Creates a form based login request including any necessary CsrfToken.

SecurityMockMvcRequestBuilders.LogoutRequestBuilder - Class in org.springframework.security.test.web.servlet.request

Creates a logout request (including any necessary CsrfToken)

SecurityMockMvcRequestPostProcessors - Class in org.springframework.security.test.web.servlet.request

Contains MockMvc RequestPostProcessor implementations for Spring Security.

SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor - Class in org.springframework.security.test.web.servlet.request

Populates a valid CsrfToken into the request.

SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor - Class in org.springframework.security.test.web.servlet.request

SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor - Class in org.springframework.security.test.web.servlet.request

SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor - Class in org.springframework.security.test.web.servlet.request

SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor - Class in org.springframework.security.test.web.servlet.request

SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor - Class in org.springframework.security.test.web.servlet.request

SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor - Class in org.springframework.security.test.web.servlet.request

SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor - Class in org.springframework.security.test.web.servlet.request

Creates a UsernamePasswordAuthenticationToken and sets the principal to be a User and associates it to the MockHttpServletRequest.

SecurityMockMvcResultHandlers - Class in org.springframework.security.test.web.servlet.response

Security related MockMvc ResultHandlers

SecurityMockMvcResultMatchers - Class in org.springframework.security.test.web.servlet.response

Security related MockMvc ResultMatchers.

SecurityMockMvcResultMatchers.AuthenticatedMatcher - Class in org.springframework.security.test.web.servlet.response

A MockMvc ResultMatcher that verifies a specific user is associated to the MvcResult.

SecurityMockServerConfigurers - Class in org.springframework.security.test.web.reactive.server

Test utilities for working with Spring Security and WebTestClient.Builder.apply(WebTestClientConfigurer).

SecurityMockServerConfigurers.CsrfMutator - Class in org.springframework.security.test.web.reactive.server

SecurityMockServerConfigurers.JwtMutator - Class in org.springframework.security.test.web.reactive.server

Updates the WebServerExchange using {@link SecurityMockServerConfigurers#mockAuthentication(Authentication)}.

SecurityMockServerConfigurers.OAuth2ClientMutator - Class in org.springframework.security.test.web.reactive.server

SecurityMockServerConfigurers.OAuth2LoginMutator - Class in org.springframework.security.test.web.reactive.server

SecurityMockServerConfigurers.OidcLoginMutator - Class in org.springframework.security.test.web.reactive.server

SecurityMockServerConfigurers.OpaqueTokenMutator - Class in org.springframework.security.test.web.reactive.server

SecurityMockServerConfigurers.UserExchangeMutator - Class in org.springframework.security.test.web.reactive.server

Updates the WebServerExchange using {@link SecurityMockServerConfigurers#mockUser(UserDetails)}.

SecurityNamespaceHandler - Class in org.springframework.security.config

Parses elements from the "security" namespace (http://www.springframework.org/schema/security).

SecurityNamespaceHandler() - Constructor for class org.springframework.security.config.SecurityNamespaceHandler

SecurityObservationSettings - Class in org.springframework.security.config.observation

An ObservationPredicate that can be used to change which Spring Security observations are made with Micrometer.

SecurityObservationSettings.Builder - Class in org.springframework.security.config.observation

A builder for configuring a SecurityObservationSettings

SecuritySocketAcceptorInterceptor - Class in org.springframework.security.rsocket.core

A SocketAcceptorInterceptor that applies Security through a delegate SocketAcceptorInterceptor.

SecuritySocketAcceptorInterceptor(SocketAcceptorInterceptor) - Constructor for class org.springframework.security.rsocket.core.SecuritySocketAcceptorInterceptor

SecurityTestExecutionListeners - Annotation Interface in org.springframework.security.test.context.annotation

There are many times a user may want to use Spring Security's test support (i.e.

SecurityWebApplicationContextUtils - Class in org.springframework.security.web.context.support

Spring Security extension to Spring's WebApplicationContextUtils.

SecurityWebApplicationContextUtils() - Constructor for class org.springframework.security.web.context.support.SecurityWebApplicationContextUtils

SecurityWebFilterChain - Interface in org.springframework.security.web.server

Defines a filter chain which is capable of being matched against a ServerWebExchange in order to decide whether it applies to that request.

SecurityWebFiltersOrder - Enum Class in org.springframework.security.config.web.server

SELF_SIGNED_TLS_CLIENT_AUTH - Static variable in class org.springframework.security.oauth2.core.ClientAuthenticationMethod

sendError(int) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper

Makes sure OnCommittedResponseWrapper.onResponseCommitted() is invoked before calling the superclass sendError()

sendError(int, String) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper

Makes sure OnCommittedResponseWrapper.onResponseCommitted() is invoked before calling the superclass sendError()

sendRedirect(HttpServletRequest, HttpServletResponse, String) - Method in class org.springframework.security.web.DefaultRedirectStrategy

Redirects the response to the supplied URL.

sendRedirect(HttpServletRequest, HttpServletResponse, String) - Method in interface org.springframework.security.web.RedirectStrategy

Performs a redirect to the supplied URL

sendRedirect(String) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper

Makes sure OnCommittedResponseWrapper.onResponseCommitted() is invoked before calling the superclass sendRedirect()

sendRedirect(ServerWebExchange, URI) - Method in class org.springframework.security.web.server.DefaultServerRedirectStrategy

sendRedirect(ServerWebExchange, URI) - Method in interface org.springframework.security.web.server.ServerRedirectStrategy

Performs a redirect based upon the provided ServerWebExchange and URI

sendStartAuthentication(HttpServletRequest, HttpServletResponse, FilterChain, AuthenticationException) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter

SERIAL_VERSION_UID - Static variable in class org.springframework.security.core.SpringSecurityCoreVersion

Global Serialization value for Spring Security classes.

SERVER_ERROR - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes

server_error - The authorization server encountered an unexpected condition that prevented it from fulfilling the request.

SERVER_REQUEST_CACHE - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder

ServerRequestCacheWebFilter

ServerAccessDeniedHandler - Interface in org.springframework.security.web.server.authorization

ServerAuthenticationConverter - Interface in org.springframework.security.web.server.authentication

A strategy used for converting from a ServerWebExchange to an Authentication used for authenticating with a provided ReactiveAuthenticationManager.

ServerAuthenticationEntryPoint - Interface in org.springframework.security.web.server

Used to request authentication

ServerAuthenticationEntryPointFailureHandler - Class in org.springframework.security.web.server.authentication

Adapts a ServerAuthenticationEntryPoint into a ServerAuthenticationFailureHandler

ServerAuthenticationEntryPointFailureHandler(ServerAuthenticationEntryPoint) - Constructor for class org.springframework.security.web.server.authentication.ServerAuthenticationEntryPointFailureHandler

ServerAuthenticationFailureHandler - Interface in org.springframework.security.web.server.authentication

Handles authentication failure

ServerAuthenticationSuccessHandler - Interface in org.springframework.security.web.server.authentication

Handles authentication success

ServerAuthorizationRequestRepository<T extends OAuth2AuthorizationRequest> - Interface in org.springframework.security.oauth2.client.web.server

Implementations of this interface are responsible for the persistence of OAuth2AuthorizationRequest between requests.

ServerBearerExchangeFilterFunction - Class in org.springframework.security.oauth2.server.resource.web.reactive.function.client

An ExchangeFilterFunction that adds the Bearer Token from an existing OAuth2Token tied to the current Authentication.

ServerBearerExchangeFilterFunction() - Constructor for class org.springframework.security.oauth2.server.resource.web.reactive.function.client.ServerBearerExchangeFilterFunction

ServerBearerTokenAuthenticationConverter - Class in org.springframework.security.oauth2.server.resource.web.server.authentication

A strategy for resolving Bearer Tokens from the ServerWebExchange.

ServerBearerTokenAuthenticationConverter() - Constructor for class org.springframework.security.oauth2.server.resource.web.server.authentication.ServerBearerTokenAuthenticationConverter

ServerCsrfTokenRepository - Interface in org.springframework.security.web.server.csrf

An API to allow changing the method in which the expected CsrfToken is associated to the ServerWebExchange.

ServerCsrfTokenRequestAttributeHandler - Class in org.springframework.security.web.server.csrf

An implementation of the ServerCsrfTokenRequestHandler interface that is capable of making the CsrfToken available as an exchange attribute and resolving the token value as either a form data value or header of the request.

ServerCsrfTokenRequestAttributeHandler() - Constructor for class org.springframework.security.web.server.csrf.ServerCsrfTokenRequestAttributeHandler

ServerCsrfTokenRequestHandler - Interface in org.springframework.security.web.server.csrf

A callback interface that is used to make the CsrfToken created by the ServerCsrfTokenRepository available as an exchange attribute.

ServerCsrfTokenRequestResolver - Interface in org.springframework.security.web.server.csrf

Implementations of this interface are capable of resolving the token value of a CsrfToken from the provided ServerWebExchange.

ServerExchangeRejectedException - Exception in org.springframework.security.web.server.firewall

Thrown when a ServerWebExchange is rejected.

ServerExchangeRejectedException(String) - Constructor for exception org.springframework.security.web.server.firewall.ServerExchangeRejectedException

ServerExchangeRejectedHandler - Interface in org.springframework.security.web.server.firewall

Handles ServerExchangeRejectedException thrown by ServerWebExchangeFirewall.

ServerFormLoginAuthenticationConverter - Class in org.springframework.security.web.server.authentication

Converts a ServerWebExchange into a UsernamePasswordAuthenticationToken from the form data HTTP parameters.

ServerFormLoginAuthenticationConverter - Class in org.springframework.security.web.server

Deprecated.

use ServerFormLoginAuthenticationConverter instead.

ServerFormLoginAuthenticationConverter() - Constructor for class org.springframework.security.web.server.authentication.ServerFormLoginAuthenticationConverter

ServerFormLoginAuthenticationConverter() - Constructor for class org.springframework.security.web.server.ServerFormLoginAuthenticationConverter

Deprecated.

ServerHttpBasicAuthenticationConverter - Class in org.springframework.security.web.server.authentication

Converts from a ServerWebExchange to an Authentication that can be authenticated.

ServerHttpBasicAuthenticationConverter - Class in org.springframework.security.web.server

Deprecated.

Use ServerHttpBasicAuthenticationConverter instead.

ServerHttpBasicAuthenticationConverter() - Constructor for class org.springframework.security.web.server.authentication.ServerHttpBasicAuthenticationConverter

ServerHttpBasicAuthenticationConverter() - Constructor for class org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter

Deprecated.

ServerHttpHeadersWriter - Interface in org.springframework.security.web.server.header

Interface for writing headers just before the response is committed.

ServerHttpSecurity - Class in org.springframework.security.config.web.server

A ServerHttpSecurity is similar to Spring Security's HttpSecurity but for WebFlux.

ServerHttpSecurity() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity

ServerHttpSecurity.AnonymousSpec - Class in org.springframework.security.config.web.server

Configures anonymous authentication

ServerHttpSecurity.AuthorizeExchangeSpec - Class in org.springframework.security.config.web.server

Configures authorization

ServerHttpSecurity.AuthorizeExchangeSpec.Access - Class in org.springframework.security.config.web.server

Configures the access for a particular set of exchanges.

ServerHttpSecurity.CorsSpec - Class in org.springframework.security.config.web.server

Configures CORS support within Spring Security.

ServerHttpSecurity.CsrfSpec - Class in org.springframework.security.config.web.server

Configures CSRF Protection

ServerHttpSecurity.ExceptionHandlingSpec - Class in org.springframework.security.config.web.server

Configures exception handling

ServerHttpSecurity.FormLoginSpec - Class in org.springframework.security.config.web.server

Configures Form Based authentication

ServerHttpSecurity.HeaderSpec - Class in org.springframework.security.config.web.server

Configures HTTP Response Headers.

ServerHttpSecurity.HeaderSpec.CacheSpec - Class in org.springframework.security.config.web.server

Configures cache control headers

ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec - Class in org.springframework.security.config.web.server

Configures Content-Security-Policy response header.

ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec - Class in org.springframework.security.config.web.server

The content type headers

ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec - Class in org.springframework.security.config.web.server

Configures the Cross-Origin-Embedder-Policy header

ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec - Class in org.springframework.security.config.web.server

Configures the Cross-Origin-Opener-Policy header

ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec - Class in org.springframework.security.config.web.server

Configures the Cross-Origin-Resource-Policy header

ServerHttpSecurity.HeaderSpec.FeaturePolicySpec - Class in org.springframework.security.config.web.server

Configures Feature-Policy response header.

ServerHttpSecurity.HeaderSpec.FrameOptionsSpec - Class in org.springframework.security.config.web.server

Configures frame options response header

ServerHttpSecurity.HeaderSpec.HstsSpec - Class in org.springframework.security.config.web.server

Configures Strict Transport Security response header

ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec - Class in org.springframework.security.config.web.server

Configures Permissions-Policy response header.

ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec - Class in org.springframework.security.config.web.server

Configures Referrer-Policy response header.

ServerHttpSecurity.HeaderSpec.XssProtectionSpec - Class in org.springframework.security.config.web.server

Configures x-xss-protection response header

ServerHttpSecurity.HttpBasicSpec - Class in org.springframework.security.config.web.server

Configures HTTP Basic Authentication

ServerHttpSecurity.HttpsRedirectSpec - Class in org.springframework.security.config.web.server

Configures HTTPS redirection rules

ServerHttpSecurity.LogoutSpec - Class in org.springframework.security.config.web.server

Configures log out

ServerHttpSecurity.OAuth2ClientSpec - Class in org.springframework.security.config.web.server

ServerHttpSecurity.OAuth2LoginSpec - Class in org.springframework.security.config.web.server

ServerHttpSecurity.OAuth2ResourceServerSpec - Class in org.springframework.security.config.web.server

Configures OAuth2 Resource Server Support

ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec - Class in org.springframework.security.config.web.server

Configures JWT Resource Server Support

ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec - Class in org.springframework.security.config.web.server

Configures Opaque Token Resource Server support

ServerHttpSecurity.OidcLogoutSpec - Class in org.springframework.security.config.web.server

Configures OIDC 1.0 Logout support

ServerHttpSecurity.OidcLogoutSpec.BackChannelLogoutConfigurer - Class in org.springframework.security.config.web.server

A configurer for configuring OIDC Back-Channel Logout

ServerHttpSecurity.OneTimeTokenLoginSpec - Class in org.springframework.security.config.web.server

Configures One-Time Token Login Support

ServerHttpSecurity.PasswordManagementSpec - Class in org.springframework.security.config.web.server

Configures password management.

ServerHttpSecurity.RequestCacheSpec - Class in org.springframework.security.config.web.server

Configures the request cache which is used when a flow is interrupted (i.e.

ServerHttpSecurity.SessionManagementSpec - Class in org.springframework.security.config.web.server

Configures how sessions are managed.

ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec - Class in org.springframework.security.config.web.server

Configures how many sessions are allowed for a given user.

ServerHttpSecurity.X509Spec - Class in org.springframework.security.config.web.server

Configures X509 authentication

ServerLogoutHandler - Interface in org.springframework.security.web.server.authentication.logout

Handles log out

ServerLogoutSuccessHandler - Interface in org.springframework.security.web.server.authentication.logout

Strategy for when log out was successfully performed (typically after ServerLogoutHandler is invoked).

ServerMaximumSessionsExceededHandler - Interface in org.springframework.security.web.server.authentication

Strategy for handling the scenario when the maximum number of sessions for a user has been reached.

ServerOAuth2AuthorizationCodeAuthenticationTokenConverter - Class in org.springframework.security.oauth2.client.web.server

Converts from a ServerWebExchange to an OAuth2AuthorizationCodeAuthenticationToken that can be authenticated.

ServerOAuth2AuthorizationCodeAuthenticationTokenConverter(ReactiveClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationCodeAuthenticationTokenConverter

ServerOAuth2AuthorizationRequestResolver - Interface in org.springframework.security.oauth2.client.web.server

Implementations of this interface are capable of resolving an OAuth2AuthorizationRequest from the provided ServerWebExchange.

ServerOAuth2AuthorizedClientExchangeFilterFunction - Class in org.springframework.security.oauth2.client.web.reactive.function.client

Provides an easy mechanism for using an OAuth2AuthorizedClient to make OAuth2 requests by including the token as a Bearer Token.

ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager) - Constructor for class org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction

Constructs a ServerOAuth2AuthorizedClientExchangeFilterFunction using the provided parameters.

ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveClientRegistrationRepository, ServerOAuth2AuthorizedClientRepository) - Constructor for class org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction

Constructs a ServerOAuth2AuthorizedClientExchangeFilterFunction using the provided parameters.

ServerOAuth2AuthorizedClientRepository - Interface in org.springframework.security.oauth2.client.web.server

Implementations of this interface are responsible for the persistence of Authorized Client(s) between requests.

ServerOneTimeTokenAuthenticationConverter - Class in org.springframework.security.web.server.authentication.ott

An implementation of ServerAuthenticationConverter for resolving OneTimeTokenAuthenticationToken from token parameter.

ServerOneTimeTokenAuthenticationConverter() - Constructor for class org.springframework.security.web.server.authentication.ott.ServerOneTimeTokenAuthenticationConverter

ServerOneTimeTokenGenerationSuccessHandler - Interface in org.springframework.security.web.server.authentication.ott

Defines a reactive strategy to handle generated one-time tokens.

ServerRedirectOneTimeTokenGenerationSuccessHandler - Class in org.springframework.security.web.server.authentication.ott

A ServerOneTimeTokenGenerationSuccessHandler that performs a redirect to a specific location

ServerRedirectOneTimeTokenGenerationSuccessHandler(String) - Constructor for class org.springframework.security.web.server.authentication.ott.ServerRedirectOneTimeTokenGenerationSuccessHandler

ServerRedirectStrategy - Interface in org.springframework.security.web.server

A strategy for performing redirects.

ServerRequestCache - Interface in org.springframework.security.web.server.savedrequest

Saves a ServerHttpRequest so it can be "replayed" later.

ServerRequestCacheWebFilter - Class in org.springframework.security.web.server.savedrequest

A WebFilter that replays any matching request in ServerRequestCache

ServerRequestCacheWebFilter() - Constructor for class org.springframework.security.web.server.savedrequest.ServerRequestCacheWebFilter

ServerSecurityContextRepository - Interface in org.springframework.security.web.server.context

Strategy used for persisting a SecurityContext between requests.

serverWebExchange(ServerWebExchange) - Static method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction

Modifies the ClientRequest.attributes() to include the ServerWebExchange to be used for providing the Bearer Token.

ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver - Class in org.springframework.security.web.server.authentication

A ReactiveAuthenticationManagerResolver that returns a ReactiveAuthenticationManager instances based upon the type of ServerWebExchange passed into ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.resolve(ServerWebExchange).

ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.Builder - Class in org.springframework.security.web.server.authentication

A builder for ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.

ServerWebExchangeDelegatingServerAccessDeniedHandler - Class in org.springframework.security.web.server.authorization

A ServerAccessDeniedHandler which delegates to multiple ServerAccessDeniedHandlers based on a ServerWebExchangeMatcher

ServerWebExchangeDelegatingServerAccessDeniedHandler(List<ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry>) - Constructor for class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler

Creates a new instance

ServerWebExchangeDelegatingServerAccessDeniedHandler(ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry...) - Constructor for class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler

Creates a new instance

ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry - Class in org.springframework.security.web.server.authorization

ServerWebExchangeDelegatingServerHttpHeadersWriter - Class in org.springframework.security.web.server.header

Delegates to a provided ServerHttpHeadersWriter if ServerWebExchangeMatcher.matches(ServerWebExchange) returns a match.

ServerWebExchangeDelegatingServerHttpHeadersWriter(ServerWebExchangeMatcherEntry<ServerHttpHeadersWriter>) - Constructor for class org.springframework.security.web.server.header.ServerWebExchangeDelegatingServerHttpHeadersWriter

Creates a new instance

ServerWebExchangeDelegatingServerHttpHeadersWriter(ServerWebExchangeMatcher, ServerHttpHeadersWriter) - Constructor for class org.springframework.security.web.server.header.ServerWebExchangeDelegatingServerHttpHeadersWriter

Creates a new instance

ServerWebExchangeFirewall - Interface in org.springframework.security.web.server.firewall

Interface which can be used to reject potentially dangerous requests and/or wrap them to control their behaviour.

ServerWebExchangeMatcher - Interface in org.springframework.security.web.server.util.matcher

An interface for determining if a ServerWebExchangeMatcher matches.

ServerWebExchangeMatcher.MatchResult - Class in org.springframework.security.web.server.util.matcher

The result of matching

ServerWebExchangeMatcherEntry<T> - Class in org.springframework.security.web.server.util.matcher

A rich object for associating a ServerWebExchangeMatcher to another object.

ServerWebExchangeMatcherEntry(ServerWebExchangeMatcher, T) - Constructor for class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcherEntry

ServerWebExchangeMatchers - Class in org.springframework.security.web.server.util.matcher

Provides factory methods for creating common ServerWebExchangeMatcher

ServerX509AuthenticationConverter - Class in org.springframework.security.web.server.authentication

Converts from a SslInfo provided by a request to an PreAuthenticatedAuthenticationToken that can be authenticated.

ServerX509AuthenticationConverter(X509PrincipalExtractor) - Constructor for class org.springframework.security.web.server.authentication.ServerX509AuthenticationConverter

ServiceAuthenticationDetails - Interface in org.springframework.security.cas.authentication

In order for the CasAuthenticationProvider to provide the correct service url to authenticate the ticket, the returned value of Authentication.getDetails() should implement this interface when tickets can be sent to any URL rather than only ServiceProperties.getService().

ServiceAuthenticationDetails - Interface in org.springframework.security.cas.web.authentication

Deprecated.

Please use org.springframework.security.cas.authentication.ServiceAuthenticationDetails

ServiceAuthenticationDetailsSource - Class in org.springframework.security.cas.web.authentication

The AuthenticationDetailsSource that is set on the CasAuthenticationFilter should return a value that implements ServiceAuthenticationDetails if the application needs to authenticate dynamic service urls.

ServiceAuthenticationDetailsSource(ServiceProperties) - Constructor for class org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource

Creates an implementation that uses the specified ServiceProperties and the default CAS artifactParameterName.

ServiceAuthenticationDetailsSource(ServiceProperties, String) - Constructor for class org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource

Creates an implementation that uses the specified artifactParameterName

ServiceProperties - Class in org.springframework.security.cas

Stores properties related to this CAS service.

ServiceProperties() - Constructor for class org.springframework.security.cas.ServiceProperties

servletApi() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HttpSecurity.servletApi(Customizer) or servletApi(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

servletApi(Customizer<ServletApiConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Integrates the HttpServletRequest methods with the values found on the SecurityContext.

ServletApiConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Implements select methods from the HttpServletRequest using the SecurityContext from the SecurityContextHolder.

ServletApiConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.ServletApiConfigurer

Creates a new instance

ServletBearerExchangeFilterFunction - Class in org.springframework.security.oauth2.server.resource.web.reactive.function.client

An ExchangeFilterFunction that adds the Bearer Token from an existing OAuth2Token tied to the current Authentication.

ServletBearerExchangeFilterFunction() - Constructor for class org.springframework.security.oauth2.server.resource.web.reactive.function.client.ServletBearerExchangeFilterFunction

ServletOAuth2AuthorizedClientExchangeFilterFunction - Class in org.springframework.security.oauth2.client.web.reactive.function.client

Provides an easy mechanism for using an OAuth2AuthorizedClient to make OAuth 2.0 requests by including the access token as a bearer token.

ServletOAuth2AuthorizedClientExchangeFilterFunction() - Constructor for class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction

ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager) - Constructor for class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction

Constructs a ServletOAuth2AuthorizedClientExchangeFilterFunction using the provided parameters.

ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository) - Constructor for class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction

Constructs a ServletOAuth2AuthorizedClientExchangeFilterFunction using the provided parameters.

servletPath(String) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher.Builder

Sets the servlet path to be used by the MvcRequestMatcher generated by this builder

SESSION_MANAGEMENT - Static variable in class org.springframework.security.config.Elements

sessionAuthenticationErrorUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer

Defines the URL of the error page which should be shown when the SessionAuthenticationStrategy raises an exception.

SessionAuthenticationException - Exception in org.springframework.security.web.authentication.session

Thrown by an SessionAuthenticationStrategy or ServerSessionAuthenticationStrategy to indicate that an authentication object is not valid for the current session, typically because the same user has exceeded the number of sessions they are allowed to have concurrently.

SessionAuthenticationException(String) - Constructor for exception org.springframework.security.web.authentication.session.SessionAuthenticationException

sessionAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer

Defines the AuthenticationFailureHandler which will be used when the SessionAuthenticationStrategy raises an exception.

sessionAuthenticationStrategy(SessionAuthenticationStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer

Specify the SessionAuthenticationStrategy to use.

sessionAuthenticationStrategy(SessionAuthenticationStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer

Allows explicitly specifying the SessionAuthenticationStrategy.

SessionAuthenticationStrategy - Interface in org.springframework.security.web.authentication.session

Allows pluggable support for HttpSession-related behaviour when an authentication occurs.

sessionConcurrency(Customizer<SessionManagementConfigurer.ConcurrencyControlConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer

Controls the maximum number of sessions for a user.

sessionCreated(HttpSessionEvent) - Method in class org.springframework.security.web.session.HttpSessionEventPublisher

Handles the HttpSessionEvent by publishing a HttpSessionCreatedEvent to the application appContext.

SessionCreationEvent - Class in org.springframework.security.core.session

Generic session creation event which indicates that a session (potentially represented by a security context) has begun.

SessionCreationEvent(Object) - Constructor for class org.springframework.security.core.session.SessionCreationEvent

sessionCreationPolicy(SessionCreationPolicy) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer

Allows specifying the SessionCreationPolicy

SessionCreationPolicy - Enum Class in org.springframework.security.config.http

Specifies the various session creation policies for Spring Security.

sessionDestroyed(HttpSessionEvent) - Method in class org.springframework.security.web.session.HttpSessionEventPublisher

Handles the HttpSessionEvent by publishing a HttpSessionDestroyedEvent to the application appContext.

SessionDestroyedEvent - Class in org.springframework.security.core.session

Generic "session termination" event which indicates that a session (potentially represented by a security context) has ended.

SessionDestroyedEvent(Object) - Constructor for class org.springframework.security.core.session.SessionDestroyedEvent

sessionFixation() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer

Allows changing the default SessionFixationProtectionStrategy.

sessionFixation(Customizer<SessionManagementConfigurer.SessionFixationConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer

Allows configuring session fixation protection.

SessionFixationConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer

SessionFixationProtectionEvent - Class in org.springframework.security.web.authentication.session

Indicates a session ID was changed for the purposes of session fixation protection.

SessionFixationProtectionEvent(Authentication, String, String) - Constructor for class org.springframework.security.web.authentication.session.SessionFixationProtectionEvent

Constructs a new session fixation protection event.

SessionFixationProtectionStrategy - Class in org.springframework.security.web.authentication.session

Uses HttpServletRequest.invalidate() to protect against session fixation attacks.

SessionFixationProtectionStrategy() - Constructor for class org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy

sessionId(String) - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder

Use this session id to correlate the OIDC Provider session

sessionIdChanged(HttpSessionEvent, String) - Method in class org.springframework.security.web.session.HttpSessionEventPublisher

SessionIdChangedEvent - Class in org.springframework.security.core.session

Generic "session ID changed" event which indicates that a session identifier (potentially represented by a security context) has changed.

SessionIdChangedEvent(Object) - Constructor for class org.springframework.security.core.session.SessionIdChangedEvent

SessionInformation - Class in org.springframework.security.core.session

Represents a record of a session within the Spring Security framework.

SessionInformation(Object, String, Date) - Constructor for class org.springframework.security.core.session.SessionInformation

SessionInformationExpiredEvent - Class in org.springframework.security.web.session

An event for when a SessionInformation is expired.

SessionInformationExpiredEvent(SessionInformation, HttpServletRequest, HttpServletResponse) - Constructor for class org.springframework.security.web.session.SessionInformationExpiredEvent

Creates a new instance

SessionInformationExpiredEvent(SessionInformation, HttpServletRequest, HttpServletResponse, FilterChain) - Constructor for class org.springframework.security.web.session.SessionInformationExpiredEvent

Creates a new instance

SessionInformationExpiredStrategy - Interface in org.springframework.security.web.session

Determines the behaviour of the ConcurrentSessionFilter when an expired session is detected in the ConcurrentSessionFilter.

SessionLimit - Interface in org.springframework.security.web.server.authentication

Represents the maximum number of sessions allowed.

sessionManagement() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HttpSecurity.sessionManagement(Customizer) or sessionManagement(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

sessionManagement(Customizer<SessionManagementConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows configuring of Session Management.

sessionManagement(Customizer<ServerHttpSecurity.SessionManagementSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures Session Management.

SessionManagementConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Allows configuring session management.

SessionManagementConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer

Creates a new instance

SessionManagementConfigurer.ConcurrencyControlConfigurer - Class in org.springframework.security.config.annotation.web.configurers

Allows configuring controlling of multiple sessions.

SessionManagementConfigurer.SessionFixationConfigurer - Class in org.springframework.security.config.annotation.web.configurers

Allows configuring SessionFixation protection

SessionManagementFilter - Class in org.springframework.security.web.session

Detects that a user has been authenticated since the start of the request and, if they have, calls the configured SessionAuthenticationStrategy to perform any session-related activity such as activating session-fixation protection mechanisms or checking for multiple concurrent logins.

SessionManagementFilter(SecurityContextRepository) - Constructor for class org.springframework.security.web.session.SessionManagementFilter

SessionManagementFilter(SecurityContextRepository, SessionAuthenticationStrategy) - Constructor for class org.springframework.security.web.session.SessionManagementFilter

SessionManagementSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.SessionManagementSpec

sessionRegistry(ReactiveSessionRegistry) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec

Sets the ReactiveSessionRegistry to use.

sessionRegistry(SessionRegistry) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer

Controls the SessionRegistry implementation used.

SessionRegistry - Interface in org.springframework.security.core.session

Maintains a registry of SessionInformation instances.

SessionRegistryImpl - Class in org.springframework.security.core.session

Default implementation of SessionRegistry which listens for SessionDestroyedEvents published in the Spring application context.

SessionRegistryImpl() - Constructor for class org.springframework.security.core.session.SessionRegistryImpl

SessionRegistryImpl(ConcurrentMap<Object, Set<String>>, Map<String, SessionInformation>) - Constructor for class org.springframework.security.core.session.SessionRegistryImpl

set(Permission) - Method in class org.springframework.security.acls.domain.CumulativePermission

setAccess(String) - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag

setAccessDecisionManager(AccessDecisionManager) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor

Deprecated.

setAccessDeniedHandler(AccessDeniedHandler) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter

setAccessDeniedHandler(AccessDeniedHandler) - Method in class org.springframework.security.web.csrf.CsrfFilter

Specifies a AccessDeniedHandler that should be used when CSRF protection fails.

setAccessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter

Sets the access denied handler.

setAccessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.web.server.csrf.CsrfWebFilter

setAccessibleScopes(Set<String>) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService

Deprecated, for removal: This API element is subject to removal in a future version.

Use OidcUserService.setRetrieveUserInfo(Predicate) instead

setAccessTokenResponseClient(OAuth2AccessTokenResponseClient<JwtBearerGrantRequest>) - Method in class org.springframework.security.oauth2.client.JwtBearerOAuth2AuthorizedClientProvider

Sets the client used when requesting an access token credential at the Token Endpoint for the jwt-bearer grant.

setAccessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest>) - Method in class org.springframework.security.oauth2.client.ClientCredentialsOAuth2AuthorizedClientProvider

Sets the client used when requesting an access token credential at the Token Endpoint for the client_credentials grant.

setAccessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest>) - Method in class org.springframework.security.oauth2.client.PasswordOAuth2AuthorizedClientProvider

Deprecated.

Sets the client used when requesting an access token credential at the Token Endpoint for the password grant.

setAccessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest>) - Method in class org.springframework.security.oauth2.client.RefreshTokenOAuth2AuthorizedClientProvider

Sets the client used when requesting an access token credential at the Token Endpoint for the refresh_token grant.

setAccessTokenResponseClient(OAuth2AccessTokenResponseClient<TokenExchangeGrantRequest>) - Method in class org.springframework.security.oauth2.client.TokenExchangeOAuth2AuthorizedClientProvider

Sets the client used when requesting an access token credential at the Token Endpoint for the token-exchange grant.

setAccessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<JwtBearerGrantRequest>) - Method in class org.springframework.security.oauth2.client.JwtBearerReactiveOAuth2AuthorizedClientProvider

Sets the client used when requesting an access token credential at the Token Endpoint for the jwt-bearer grant.

setAccessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest>) - Method in class org.springframework.security.oauth2.client.ClientCredentialsReactiveOAuth2AuthorizedClientProvider

Sets the client used when requesting an access token credential at the Token Endpoint for the client_credentials grant.

setAccessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest>) - Method in class org.springframework.security.oauth2.client.PasswordReactiveOAuth2AuthorizedClientProvider

Deprecated.

Sets the client used when requesting an access token credential at the Token Endpoint for the password grant.

setAccessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest>) - Method in class org.springframework.security.oauth2.client.RefreshTokenReactiveOAuth2AuthorizedClientProvider

Sets the client used when requesting an access token credential at the Token Endpoint for the refresh_token grant.

setAccessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<TokenExchangeGrantRequest>) - Method in class org.springframework.security.oauth2.client.TokenExchangeReactiveOAuth2AuthorizedClientProvider

Sets the client used when requesting an access token credential at the Token Endpoint for the token-exchange grant.

setAccessTokenResponseConverter(Converter<Map<String, Object>, OAuth2AccessTokenResponse>) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter

Sets the Converter used for converting the OAuth 2.0 Access Token Response parameters to an OAuth2AccessTokenResponse.

setAccessTokenResponseParametersConverter(Converter<OAuth2AccessTokenResponse, Map<String, Object>>) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter

Sets the Converter used for converting the OAuth2AccessTokenResponse to a Map representation of the OAuth 2.0 Access Token Response parameters.

setAccountNonExpired(boolean) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence

setAccountNonLocked(boolean) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence

setAclClassIdSupported(boolean) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy

setAclClassIdSupported(boolean) - Method in class org.springframework.security.acls.jdbc.JdbcAclService

setAclClassIdSupported(boolean) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService

setActorTokenResolver(Function<OAuth2AuthorizationContext, OAuth2Token>) - Method in class org.springframework.security.oauth2.client.TokenExchangeOAuth2AuthorizedClientProvider

Sets the resolver used for resolving the actor token.

setActorTokenResolver(Function<OAuth2AuthorizationContext, Mono<OAuth2Token>>) - Method in class org.springframework.security.oauth2.client.TokenExchangeReactiveOAuth2AuthorizedClientProvider

Sets the resolver used for resolving the actor token.

setAdapterRegistry(ReactiveAdapterRegistry) - Method in class org.springframework.security.messaging.handler.invocation.reactive.AuthenticationPrincipalArgumentResolver

Sets the ReactiveAdapterRegistry to be used.

setAdapterRegistry(ReactiveAdapterRegistry) - Method in class org.springframework.security.messaging.handler.invocation.reactive.CurrentSecurityContextArgumentResolver

Sets the ReactiveAdapterRegistry to be used.

setAdditionalExceptionMappings(Map<Class<? extends AuthenticationException>, Class<? extends AbstractAuthenticationFailureEvent>>) - Method in class org.springframework.security.authentication.DefaultAuthenticationEventPublisher

Sets additional exception to event mappings.

setAdditionalExceptionMappings(Properties) - Method in class org.springframework.security.authentication.DefaultAuthenticationEventPublisher

Deprecated.

use DefaultAuthenticationEventPublisher.setAdditionalExceptionMappings(Map)

setAddPrefixIfAlreadyExisting(boolean) - Method in class org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper

setAdvisors(Collection<AuthorizationAdvisor>) - Method in class org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory

Deprecated.

Please use AuthorizationAdvisorProxyFactory.addAdvisor(org.springframework.security.authorization.method.AuthorizationAdvisor) instead

setAdvisors(AuthorizationAdvisor...) - Method in class org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory

Deprecated.

Please use AuthorizationAdvisorProxyFactory.addAdvisor(org.springframework.security.authorization.method.AuthorizationAdvisor) instead

setAfterInvocationManager(AfterInvocationManager) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor

Deprecated.

setAlgorithm(String) - Method in class org.springframework.security.core.token.SecureRandomFactoryBean

Allows the Pseudo Random Number Generator (PRNG) algorithm to be nominated.

setAlgorithm(Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm) - Method in class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder

Sets the algorithm to use.

setAllowBackSlash(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines if a backslash "\" or a URL encoded backslash "%5C" should be allowed in the path or not.

setAllowBackSlash(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines if a backslash "\" or a URL encoded backslash "%5C" should be allowed in the path or not.

setAllowedHeaderNames(Predicate<String>) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines which header names should be allowed.

setAllowedHeaderNames(Predicate<String>) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines which header names should be allowed.

setAllowedHeaderValues(Predicate<String>) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines which header values should be allowed.

setAllowedHeaderValues(Predicate<String>) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines which header values should be allowed.

setAllowedHostnames(Predicate<String>) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines which hostnames should be allowed.

setAllowedHostnames(Predicate<String>) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines which hostnames should be allowed.

setAllowedHttpMethods(Collection<String>) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines which HTTP methods should be allowed.

setAllowedHttpMethods(Collection<HttpMethod>) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines which HTTP methods should be allowed.

setAllowedParameterNames(Predicate<String>) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines which parameter names should be allowed.

setAllowedParameterNames(Predicate<String>) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines which parameter names should be allowed.

setAllowedParameterValues(Predicate<String>) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines which parameter values should be allowed.

setAllowedParameterValues(Predicate<String>) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines which parameter values should be allowed.

setAllowFormEncodedBodyParameter(boolean) - Method in class org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver

Set if transport of access token using form-encoded body parameter is supported.

setAllowFromParameterName(String) - Method in class org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy

Deprecated.

Sets the HTTP parameter used to retrieve the value for the origin that is allowed from.

setAllowIfAllAbstainDecisions(boolean) - Method in class org.springframework.security.access.vote.AbstractAccessDecisionManager

Deprecated.

setAllowIfEqualGrantedDeniedDecisions(boolean) - Method in class org.springframework.security.access.vote.ConsensusBased

Deprecated.

setAllowNull(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines if a null "\0" or a URL encoded nul "%00" should be allowed in the path or not.

setAllowNull(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines if a null "\0" or a URL encoded nul "%00" should be allowed in the path or not.

setAllowSemicolon(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines if semicolon is allowed in the URL (i.e.

setAllowSemicolon(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines if semicolon is allowed in the URL (i.e.

setAllowSessionCreation(boolean) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

setAllowSessionCreation(boolean) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler

setAllowSessionCreation(boolean) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository

If set to true (the default), a session will be created (if required) to store the security context if it is determined that its contents are different from the default empty context value.

setAllowUriQueryParameter(boolean) - Method in class org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver

Set if transport of access token using URI query parameter is supported.

setAllowUriQueryParameter(boolean) - Method in class org.springframework.security.oauth2.server.resource.web.server.authentication.ServerBearerTokenAuthenticationConverter

Set if transport of access token using URI query parameter is supported.

setAllowUrlEncodedCarriageReturn(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines if a URL encoded Carriage Return is allowed in the path or not.

setAllowUrlEncodedCarriageReturn(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines if a URL encoded Carriage Return is allowed in the path or not.

setAllowUrlEncodedDoubleSlash(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines if double slash "//" that is URL encoded "%2F%2F" should be allowed in the path or not.

setAllowUrlEncodedDoubleSlash(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines if double slash "//" that is URL encoded "%2F%2F" should be allowed in the path or not.

setAllowUrlEncodedLineFeed(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines if a URL encoded Line Feed is allowed in the path or not.

setAllowUrlEncodedLineFeed(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines if a URL encoded Line Feed is allowed in the path or not.

setAllowUrlEncodedLineSeparator(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines if a URL encoded line separator is allowed in the path or not.

setAllowUrlEncodedLineSeparator(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines if a URL encoded line separator is allowed in the path or not.

setAllowUrlEncodedParagraphSeparator(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines if a URL encoded paragraph separator is allowed in the path or not.

setAllowUrlEncodedParagraphSeparator(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines if a URL encoded paragraph separator is allowed in the path or not.

setAllowUrlEncodedPercent(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines if a percent "%" that is URL encoded "%25" should be allowed in the path or not.

setAllowUrlEncodedPercent(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines if a percent "%" that is URL encoded "%25" should be allowed in the path or not.

setAllowUrlEncodedPeriod(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines if a period "." that is URL encoded "%2E" should be allowed in the path or not.

setAllowUrlEncodedPeriod(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines if a period "." that is URL encoded "%2E" should be allowed in the path or not.

setAllowUrlEncodedSlash(boolean) - Method in class org.springframework.security.web.firewall.DefaultHttpFirewall

Sets if the application should allow a URL encoded slash character.

setAllowUrlEncodedSlash(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Determines if a slash "/" that is URL encoded "%2F" should be allowed in the path or not.

setAllowUrlEncodedSlash(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Determines if a slash "/" that is URL encoded "%2F" should be allowed in the path or not.

setAlsoHandleJavaxNamingBindExceptions(boolean) - Method in class org.springframework.security.ldap.authentication.BindAuthenticator

Set whether javax-based bind exceptions should also be delegated to #handleBindException (only Spring-based bind exceptions are handled by default)

setAlwaysCreateSession(boolean) - Method in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy

setAlwaysReauthenticate(boolean) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor

Deprecated.

Indicates whether the AbstractSecurityInterceptor should ignore the Authentication.isAuthenticated() property.

setAlwaysRemember(boolean) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

setAlwaysUseDefaultTargetUrl(boolean) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler

If true, will always redirect to the value of defaultTargetUrl (defaults to false).

setAnonymousAuthentication(Authentication) - Method in class org.springframework.security.messaging.context.SecurityContextChannelInterceptor

Allows setting the Authentication used for anonymous authentication.

setAnonymousAuthentication(Authentication) - Method in class org.springframework.security.messaging.context.SecurityContextPropagationChannelInterceptor

Configure an Authentication used for anonymous authentication.

setAnonymousAuthorizedClientRepository(OAuth2AuthorizedClientRepository) - Method in class org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository

Sets the OAuth2AuthorizedClientRepository used for requests that are unauthenticated (or anonymous).

setAnonymousAuthorizedClientRepository(ServerOAuth2AuthorizedClientRepository) - Method in class org.springframework.security.oauth2.client.web.server.AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository

Sets the ServerOAuth2AuthorizedClientRepository used for requests that are unauthenticated (or anonymous).

setAnonymousClass(Class<? extends Authentication>) - Method in class org.springframework.security.authentication.AuthenticationTrustResolverImpl

setApplicationContext(ApplicationContext) - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler

setApplicationContext(ApplicationContext) - Method in class org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager

Invokes PostAuthorizeExpressionAttributeRegistry.setApplicationContext(ApplicationContext) with the provided ApplicationContext.

setApplicationContext(ApplicationContext) - Method in class org.springframework.security.authorization.method.PostAuthorizeReactiveAuthorizationManager

setApplicationContext(ApplicationContext) - Method in class org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager

setApplicationContext(ApplicationContext) - Method in class org.springframework.security.authorization.method.PreAuthorizeReactiveAuthorizationManager

setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration

setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity

setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry

setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity

setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

Deprecated.

setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.http.UserDetailsServiceFactoryBean

setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean

setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor

setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.MethodSecurityExpressionHandlerBean

setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

setApplicationContext(ApplicationContext) - Method in class org.springframework.security.ldap.server.ApacheDSContainer

Deprecated.

setApplicationContext(ApplicationContext) - Method in class org.springframework.security.ldap.server.UnboundIdContainer

setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor

Deprecated.

setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.authentication.DefaultAuthenticationEventPublisher

setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider

setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.web.authentication.logout.LogoutSuccessEventPublishingLogoutHandler

setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter

setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter

setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy

Sets the ApplicationEventPublisher to use for submitting SessionFixationProtectionEvent.

setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

setArtifactParameter(String) - Method in class org.springframework.security.cas.ServiceProperties

Configures the Request Parameter to look for when attempting to see if a CAS ticket was sent from the server.

setAsText(String) - Method in class org.springframework.security.core.userdetails.memory.UserAttributeEditor

setAsText(String) - Method in class org.springframework.security.web.util.matcher.RequestMatcherEditor

setAttributeNames(Set<String>) - Method in class org.springframework.security.ldap.userdetails.NestedLdapAuthoritiesPopulator

Sets the attribute names to retrieve for each ldap groups.

setAttributePrefix(String) - Method in class org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper

setAttributes2grantedAuthoritiesMap(Map<?, ?>) - Method in class org.springframework.security.core.authority.mapping.MapBasedAttributes2GrantedAuthoritiesMapper

setAttributesConverter(Converter<OAuth2UserRequest, Converter<Map<String, Object>, Map<String, Object>>>) - Method in class org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService

Use this strategy to adapt user attributes into a format understood by Spring Security; by default, the original attributes are preserved.

setAttributesConverter(Converter<OAuth2UserRequest, Converter<Map<String, Object>, Map<String, Object>>>) - Method in class org.springframework.security.oauth2.client.userinfo.DefaultReactiveOAuth2UserService

Use this strategy to adapt user attributes into a format understood by Spring Security; by default, the original attributes are preserved.

setAttributesToRetrieve(String[]) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager

setAttrName(String) - Method in class org.springframework.security.web.webauthn.authentication.HttpSessionPublicKeyCredentialRequestOptionsRepository

setAttrName(String) - Method in class org.springframework.security.web.webauthn.registration.HttpSessionPublicKeyCredentialCreationOptionsRepository

setAuthenticateAllArtifacts(boolean) - Method in class org.springframework.security.cas.ServiceProperties

If true, then any non-null artifact (ticket) should be authenticated.

setAuthenticated(boolean) - Method in class org.springframework.security.authentication.AbstractAuthenticationToken

setAuthenticated(boolean) - Method in class org.springframework.security.authentication.UsernamePasswordAuthenticationToken

setAuthenticated(boolean) - Method in class org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken

setAuthenticated(boolean) - Method in interface org.springframework.security.core.Authentication

See Authentication.isAuthenticated() for a full description.

setAuthenticated(boolean) - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken

The state of this object cannot be changed.

setAuthenticated(boolean) - Method in class org.springframework.security.web.webauthn.authentication.WebAuthnAuthentication

setAuthenticated(boolean) - Method in class org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationRequestToken

setAuthentication(Authentication) - Method in class org.springframework.security.authorization.AuthorizationObservationContext

Set the observed Authentication for this authorization

setAuthentication(Authentication) - Method in interface org.springframework.security.core.context.SecurityContext

Changes the currently authenticated principal, or removes the authentication information.

setAuthentication(Authentication) - Method in class org.springframework.security.core.context.SecurityContextImpl

setAuthentication(Authentication) - Static method in class org.springframework.security.test.context.TestSecurityContextHolder

Creates a new SecurityContext with the given Authentication.

setAuthenticationConverter(Function<ServerWebExchange, Mono<Authentication>>) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter

Deprecated.

As of 5.1 in favor of AuthenticationWebFilter.setServerAuthenticationConverter(ServerAuthenticationConverter)

setAuthenticationConverter(Converter<OAuth2TokenIntrospectionClaimAccessor, ? extends OAuth2AuthenticatedPrincipal>) - Method in class org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector

Sets the Converter<OAuth2TokenIntrospectionClaimAccessor, OAuth2AuthenticatedPrincipal> to use.

setAuthenticationConverter(Converter<OAuth2TokenIntrospectionClaimAccessor, Mono<? extends OAuth2AuthenticatedPrincipal>>) - Method in class org.springframework.security.oauth2.server.resource.introspection.SpringReactiveOpaqueTokenIntrospector

Sets the Converter<OAuth2TokenIntrospectionClaimAccessor, OAuth2AuthenticatedPrincipal> to use.

setAuthenticationConverter(OpaqueTokenAuthenticationConverter) - Method in class org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenAuthenticationProvider

Provide with a custom bean to turn successful introspection result into an Authentication instance of your choice.

setAuthenticationConverter(ReactiveOpaqueTokenAuthenticationConverter) - Method in class org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenReactiveAuthenticationManager

Provide with a custom bean to turn successful introspection result into an Authentication instance of your choice.

setAuthenticationConverter(PayloadExchangeAuthenticationConverter) - Method in class org.springframework.security.rsocket.authentication.AuthenticationPayloadInterceptor

Sets the convert to be used

setAuthenticationConverter(AuthenticationConverter) - Method in class org.springframework.security.web.authentication.AuthenticationFilter

setAuthenticationConverter(AuthenticationConverter) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter

Sets the AuthenticationConverter to use.

setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter

Set the AuthenticationDetailsSource to use.

setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter

setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter

setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter

setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter

Sets the AuthenticationDetailsSource to use.

setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter

setAuthenticationEntryPoint(DigestAuthenticationEntryPoint) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter

setAuthenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter

Set the AuthenticationEntryPoint to use.

setAuthenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter

Sets the AuthenticationEntryPoint used when integrating HttpServletRequest with Servlet 3 APIs.

setAuthenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter

Sets the authentication entry point used when authentication is required

setAuthenticationEventPublisher(AuthenticationEventPublisher) - Method in class org.springframework.security.authentication.ProviderManager

setAuthenticationEventPublisher(AuthenticationEventPublisher) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ChildAuthenticationManagerFactoryBean

setAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter

Wraps the AuthenticationFailureHandler to distinguish between handling proxy ticket authentication failures and service ticket failures.

setAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter

Sets the AuthenticationFailureHandler used to handle errors redirecting to the Authorization Server's Authorization Endpoint.

setAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter

Set the AuthenticationFailureHandler to use.

setAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

setAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter

Sets the strategy used to handle a failed authentication.

setAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.web.session.SessionManagementFilter

The handler which will be invoked if the AuthenticatedSessionStrategy raises a SessionAuthenticationException, indicating that the user is not allowed to be authenticated for this session (typically because they already have too many sessions open).

setAuthenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter

Sets the failure handler used when authentication fails.

setAuthenticationFilter(F) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Sets the Authentication Filter

setAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor

Deprecated.

setAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.provisioning.InMemoryUserDetailsManager

setAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

setAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

setAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter

setAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter

Sets the AuthenticationManager used when integrating HttpServletRequest with Servlet 3 APIs.

setAuthenticationManagerClass(Class<?>) - Method in class org.springframework.security.authentication.AuthenticationObservationContext

Set the AuthenticationManager class that processed the authentication

setAuthenticationManagerResolver(AuthenticationManagerResolver<HttpServletRequest>) - Method in class org.springframework.security.web.authentication.AuthenticationFilter

setAuthenticationRequest(Authentication) - Method in class org.springframework.security.authentication.AuthenticationObservationContext

Set the Authentication request that was observed

setAuthenticationRequestRepository(Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest>) - Method in class org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter

Use the given Saml2AuthenticationRequestRepository to remove the saved authentication request.

setAuthenticationRequestRepository(Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest>) - Method in class org.springframework.security.saml2.provider.service.web.Saml2AuthenticationTokenConverter

Use the given Saml2AuthenticationRequestRepository to load authentication request.

setAuthenticationRequestRepository(Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest>) - Method in class org.springframework.security.saml2.provider.service.web.Saml2WebSsoAuthenticationRequestFilter

Use the given Saml2AuthenticationRequestRepository to save the authentication request

setAuthenticationResult(Authentication) - Method in class org.springframework.security.authentication.AuthenticationObservationContext

Set the Authentication result that was observed

setAuthenticationResultConverter(Converter<OAuth2LoginAuthenticationToken, OAuth2AuthenticationToken>) - Method in class org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter

Sets the converter responsible for converting from OAuth2LoginAuthenticationToken to OAuth2AuthenticationToken authentication result.

setAuthenticationSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Sets the strategy used to handle a successful authentication.

setAuthenticationSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter

Sets the strategy used to handle a successful authentication.

setAuthenticationSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter

Allows control over the destination a remembered user is sent to when they are successfully authenticated.

setAuthenticationSuccessHandler(ServerAuthenticationSuccessHandler) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter

Sets the authentication success handler.

setAuthenticationTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.access.vote.AuthenticatedVoter

Deprecated.

setAuthenticationTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter

setAuthenticationTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter

Sets the authentication trust resolver.

setAuthenticationUrl(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

setAuthenticationUserDetailsService(AuthenticationUserDetailsService<CasAssertionAuthenticationToken>) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider

setAuthorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence

setAuthorities(List<GrantedAuthority>) - Method in class org.springframework.security.core.userdetails.memory.UserAttribute

Set all authorities for this user.

setAuthoritiesAsString(List<String>) - Method in class org.springframework.security.core.userdetails.memory.UserAttribute

Set all authorities for this user from String values.

setAuthoritiesAuthorizationManager(AuthorizationManager<Collection<String>>) - Method in class org.springframework.security.authorization.method.Jsr250AuthorizationManager

Sets an AuthorizationManager that accepts a collection of authority strings.

setAuthoritiesAuthorizationManager(AuthorizationManager<Collection<String>>) - Method in class org.springframework.security.authorization.method.SecuredAuthorizationManager

Sets an AuthorizationManager that accepts a collection of authority strings.

setAuthoritiesByUsernameQuery(String) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl

Allows the default query string used to retrieve authorities based on username to be overridden, if default table or column names need to be changed.

setAuthoritiesClaimDelimiter(String) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter

Sets the regex to use for splitting the value of the authorities claim into authorities.

setAuthoritiesClaimName(String) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter

Sets the name of token claim to use for mapping authorities by this converter.

setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider

setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory

Sets the GrantedAuthoritiesMapper used for converting the authorities loaded from storage to a new set of authorities which will be associated to the UsernamePasswordAuthenticationToken.

setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider

Sets the GrantedAuthoritiesMapper used for converting the authorities loaded from storage to a new set of authorities which will be associated to the UsernamePasswordAuthenticationToken.

setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider

Sets the GrantedAuthoritiesMapper used for mapping OAuth2AuthenticatedPrincipal.getAuthorities() to a new set of authorities which will be associated to the OAuth2LoginAuthenticationToken.

setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginReactiveAuthenticationManager

Sets the GrantedAuthoritiesMapper used for mapping OAuth2AuthenticatedPrincipal.getAuthorities() to a new set of authorities which will be associated to the OAuth2LoginAuthenticationToken.

setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider

Sets the GrantedAuthoritiesMapper used for mapping OAuth2AuthenticatedPrincipal.getAuthorities()} to a new set of authorities which will be associated to the OAuth2LoginAuthenticationToken.

setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeReactiveAuthenticationManager

Sets the GrantedAuthoritiesMapper used for mapping OAuth2AuthenticatedPrincipal.getAuthorities() to a new set of authorities which will be associated to the OAuth2LoginAuthenticationToken.

setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

setAuthoritiesPopulator(LdapAuthoritiesPopulator) - Method in class org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider

Set the strategy for obtaining the authorities for a given user after they've been authenticated.

setAuthorityGranters(AuthorityGranter[]) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider

Set the AuthorityGranters that should be consulted for role names to be granted to the Authentication.

setAuthorityMapper(Function<Map<String, List<String>>, GrantedAuthority>) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator

Sets the mapping function which will be used to create instances of GrantedAuthority given the context record.

setAuthorityPrefix(String) - Method in class org.springframework.security.oauth2.server.resource.authentication.ExpressionJwtGrantedAuthoritiesConverter

Sets the prefix to use for authorities mapped by this converter.

setAuthorityPrefix(String) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter

Sets the prefix to use for authorities mapped by this converter.

setAuthorizationEventPublisher(AuthorizationEventPublisher) - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor

Use this AuthorizationEventPublisher to publish the AuthorizationManager result.

setAuthorizationEventPublisher(AuthorizationEventPublisher) - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor

Use this AuthorizationEventPublisher to publish the AuthorizationManager result.

setAuthorizationEventPublisher(AuthorizationEventPublisher) - Method in class org.springframework.security.messaging.access.intercept.AuthorizationChannelInterceptor

Use this AuthorizationEventPublisher to publish the AuthorizationManager result.

setAuthorizationEventPublisher(AuthorizationEventPublisher) - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter

Use this AuthorizationEventPublisher to publish AuthorizationDeniedEvents and AuthorizationGrantedEvents.

setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager

Sets the OAuth2AuthorizationFailureHandler that handles authorization failures.

setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler) - Method in class org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor

Sets the OAuth2AuthorizationFailureHandler that handles authentication and authorization failures when communicating to the OAuth 2.0 Resource Server.

setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler) - Method in class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager

Sets the OAuth2AuthorizationFailureHandler that handles authorization failures.

setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler) - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction

Sets the OAuth2AuthorizationFailureHandler that handles authentication and authorization failures when communicating to the OAuth 2.0 Resource Server.

setAuthorizationFailureHandler(ReactiveOAuth2AuthorizationFailureHandler) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager

Sets the handler that handles authorization failures.

setAuthorizationFailureHandler(ReactiveOAuth2AuthorizationFailureHandler) - Method in class org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager

Sets the handler that handles authorization failures.

setAuthorizationFailureHandler(ReactiveOAuth2AuthorizationFailureHandler) - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction

Sets the handler that handles authentication and authorization failures when communicating to the OAuth 2.0 Resource Server.

setAuthorizationRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter

Sets the redirect strategy for Authorization Endpoint redirect URI.

setAuthorizationRedirectStrategy(ServerRedirectStrategy) - Method in class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter

Sets the redirect strategy for Authorization Endpoint redirect URI.

setAuthorizationRequestCustomizer(Consumer<OAuth2AuthorizationRequest.Builder>) - Method in class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver

Sets the Consumer to be provided the OAuth2AuthorizationRequest.Builder allowing for further customizations.

setAuthorizationRequestCustomizer(Consumer<OAuth2AuthorizationRequest.Builder>) - Method in class org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver

Sets the Consumer to be provided the OAuth2AuthorizationRequest.Builder allowing for further customizations.

setAuthorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter

Sets the repository for stored OAuth2AuthorizationRequest's.

setAuthorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter

Sets the repository used for storing OAuth2AuthorizationRequest's.

setAuthorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter

Sets the repository for stored OAuth2AuthorizationRequest's.

setAuthorizationRequestRepository(ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationCodeGrantWebFilter

Sets the repository used for storing OAuth2AuthorizationRequest's.

setAuthorizationRequestRepository(ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter

Sets the repository used for storing OAuth2AuthorizationRequest's.

setAuthorizationRequestRepository(ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationCodeAuthenticationTokenConverter

Sets the ServerAuthorizationRequestRepository to be used.

setAuthorizationResult(AuthorizationResult) - Method in class org.springframework.security.authorization.AuthorizationObservationContext

Set the observed AuthorizationResult

setAuthorizationSuccessHandler(OAuth2AuthorizationSuccessHandler) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager

Sets the OAuth2AuthorizationSuccessHandler that handles successful authorizations.

setAuthorizationSuccessHandler(OAuth2AuthorizationSuccessHandler) - Method in class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager

Sets the OAuth2AuthorizationSuccessHandler that handles successful authorizations.

setAuthorizationSuccessHandler(ReactiveOAuth2AuthorizationSuccessHandler) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager

Sets the handler that handles successful authorizations.

setAuthorizationSuccessHandler(ReactiveOAuth2AuthorizationSuccessHandler) - Method in class org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager

Sets the handler that handles successful authorizations.

setAuthorizedClientParametersMapper(Function<JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder, List<SqlParameterValue>>) - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService

Sets the Function used for mapping JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder to a List of SqlParameterValue.

setAuthorizedClientParametersMapper(Function<R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder, Map<String, Parameter>>) - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService

Sets the Function used for mapping R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder to a Map of String and Parameter.

setAuthorizedClientProvider(OAuth2AuthorizedClientProvider) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager

Sets the OAuth2AuthorizedClientProvider used for authorizing (or re-authorizing) an OAuth 2.0 Client.

setAuthorizedClientProvider(OAuth2AuthorizedClientProvider) - Method in class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager

Sets the OAuth2AuthorizedClientProvider used for authorizing (or re-authorizing) an OAuth 2.0 Client.

setAuthorizedClientProvider(ReactiveOAuth2AuthorizedClientProvider) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager

Sets the ReactiveOAuth2AuthorizedClientProvider used for authorizing (or re-authorizing) an OAuth 2.0 Client.

setAuthorizedClientProvider(ReactiveOAuth2AuthorizedClientProvider) - Method in class org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager

Sets the ReactiveOAuth2AuthorizedClientProvider used for authorizing (or re-authorizing) an OAuth 2.0 Client.

setAuthorizedClientRowMapper(BiFunction<Row, RowMetadata, R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder>) - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService

Sets the BiFunction used for mapping the current io.r2dbc.spi.Row to R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder.

setAuthorizedClientRowMapper(RowMapper<OAuth2AuthorizedClient>) - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService

Sets the RowMapper used for mapping the current row in java.sql.ResultSet to OAuth2AuthorizedClient.

setBatchSize(int) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy

setBeanClassLoader(ClassLoader) - Method in class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource

Deprecated.

setBeanClassLoader(ClassLoader) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration

setBeanFactory(BeanFactory) - Method in class org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor

Deprecated.

setBeanFactory(BeanFactory) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

Deprecated.

setBeanFactory(BeanFactory) - Method in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean

setBeanFactory(BeanFactory) - Method in class org.springframework.security.web.DefaultSecurityFilterChain

setBeanName(String) - Method in class org.springframework.security.web.DefaultSecurityFilterChain

setBeanResolver(BeanResolver) - Method in class org.springframework.security.messaging.handler.invocation.reactive.AuthenticationPrincipalArgumentResolver

Sets the BeanResolver to be used on the expressions

setBeanResolver(BeanResolver) - Method in class org.springframework.security.messaging.handler.invocation.reactive.CurrentSecurityContextArgumentResolver

Sets the BeanResolver to be used on the expressions

setBeanResolver(BeanResolver) - Method in class org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver

Sets the BeanResolver to be used on the expressions

setBeanResolver(BeanResolver) - Method in class org.springframework.security.web.method.annotation.CurrentSecurityContextArgumentResolver

Set the BeanResolver to be used on the expressions

setBeanResolver(BeanResolver) - Method in class org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver

Sets the BeanResolver to be used on the expressions

setBeanResolver(BeanResolver) - Method in class org.springframework.security.web.reactive.result.method.annotation.CurrentSecurityContextArgumentResolver

Sets the BeanResolver to be used on the expressions

setBearerTokenHeaderName(String) - Method in class org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver

Set this value to configure what header is checked when resolving a Bearer Token.

setBearerTokenHeaderName(String) - Method in class org.springframework.security.oauth2.server.resource.web.server.authentication.ServerBearerTokenAuthenticationConverter

Set this value to configure what header is checked when resolving a Bearer Token.

setBearerTokenResolver(BearerTokenResolver) - Method in class org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter

Set the BearerTokenResolver to use.

setBodyExtractor(BodyExtractor<Mono<OAuth2AccessTokenResponse>, ReactiveHttpInputMessage>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractWebClientReactiveOAuth2AccessTokenResponseClient

Sets the BodyExtractor that will be used to decode the OAuth2AccessTokenResponse

setBuilder(B) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter

Sets the SecurityBuilder to be used.

setCache(Cache) - Method in class org.springframework.security.saml2.provider.service.registration.CachingRelyingPartyRegistrationRepository

Use this cache for the completed RelyingPartyRegistration instances.

setCacheSecurityContext(boolean) - Method in class org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository

If set to true the result of WebSessionServerSecurityContextRepository.load(ServerWebExchange) will use Mono.cache() to prevent multiple lookups.

setCallbackHandlers(JaasAuthenticationCallbackHandler[]) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider

Set the JAASAuthenticationCallbackHandler array to handle callback objects generated by the LoginContext.login method.

setCarLicense(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence

setCertificatePassord(String) - Method in class org.springframework.security.ldap.server.ApacheDSContainer

Deprecated.

Will set the certificate password on the underlying LdapServer.

setChangePasswordSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

setChannelDecisionManager(ChannelDecisionManager) - Method in class org.springframework.security.web.access.channel.ChannelProcessingFilter

setChannelProcessors(List<?>) - Method in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl

setCheckForPrincipalChanges(boolean) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter

If set, the pre-authenticated principal will be checked on each request and compared against the name of the current Authentication object.

setClaimSetConverter(Converter<Map<String, Object>, Map<String, Object>>) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder

Use the following Converter for manipulating the JWT's claim set

setClaimSetConverter(Converter<Map<String, Object>, Map<String, Object>>) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder

Use the following Converter for manipulating the JWT's claim set

setClaimTypeConverterFactory(Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory

Sets the factory that provides a Converter used for type conversion of claim values for an OidcIdToken.

setClaimTypeConverterFactory(Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.ReactiveOidcIdTokenDecoderFactory

Sets the factory that provides a Converter used for type conversion of claim values for an OidcIdToken.

setClaimTypeConverterFactory(Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>>) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcReactiveOAuth2UserService

Sets the factory that provides a Converter used for type conversion of claim values for an OidcUserInfo.

setClaimTypeConverterFactory(Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>>) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService

Sets the factory that provides a Converter used for type conversion of claim values for an OidcUserInfo.

setClassIdentityQuery(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService

Sets the query that will be used to retrieve the identity of a newly created row in the acl_class table.

setClassPrimaryKeyQuery(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService

setCleanupCron(String) - Method in class org.springframework.security.authentication.ott.JdbcOneTimeTokenService

Sets the chron expression used for cleaning up expired tokens.

setClearAuthentication(boolean) - Method in class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler

If true, removes the Authentication from the SecurityContext to prevent issues with concurrent requests.

setClientRegistrationIdResolver(OAuth2ClientHttpRequestInterceptor.ClientRegistrationIdResolver) - Method in class org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor

Sets the strategy for resolving a clientRegistrationId from an intercepted request.

setClock(Clock) - Method in class org.springframework.security.authentication.ott.InMemoryOneTimeTokenService

Sets the Clock used when generating one-time token and checking token expiry.

setClock(Clock) - Method in class org.springframework.security.authentication.ott.JdbcOneTimeTokenService

Sets the Clock used when generating one-time token and checking token expiry.

setClock(Clock) - Method in class org.springframework.security.authentication.ott.reactive.InMemoryReactiveOneTimeTokenService

Sets the Clock used when generating one-time token and checking token expiry.

setClock(Clock) - Method in class org.springframework.security.oauth2.client.ClientCredentialsOAuth2AuthorizedClientProvider

Sets the Clock used in Instant.now(Clock) when checking the access token expiry.

setClock(Clock) - Method in class org.springframework.security.oauth2.client.ClientCredentialsReactiveOAuth2AuthorizedClientProvider

Sets the Clock used in Instant.now(Clock) when checking the access token expiry.

setClock(Clock) - Method in class org.springframework.security.oauth2.client.JwtBearerOAuth2AuthorizedClientProvider

Sets the Clock used in Instant.now(Clock) when checking the access token expiry.

setClock(Clock) - Method in class org.springframework.security.oauth2.client.JwtBearerReactiveOAuth2AuthorizedClientProvider

Sets the Clock used in Instant.now(Clock) when checking the access token expiry.

setClock(Clock) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenValidator

Sets the Clock used in Instant.now(Clock) when validating the exp and iat claims.

setClock(Clock) - Method in class org.springframework.security.oauth2.client.PasswordOAuth2AuthorizedClientProvider

Deprecated.

Sets the Clock used in Instant.now(Clock) when checking the access token expiry.

setClock(Clock) - Method in class org.springframework.security.oauth2.client.PasswordReactiveOAuth2AuthorizedClientProvider

Deprecated.

Sets the Clock used in Instant.now(Clock) when checking the access token expiry.

setClock(Clock) - Method in class org.springframework.security.oauth2.client.RefreshTokenOAuth2AuthorizedClientProvider

Sets the Clock used in Instant.now(Clock) when checking the access token expiry.

setClock(Clock) - Method in class org.springframework.security.oauth2.client.RefreshTokenReactiveOAuth2AuthorizedClientProvider

Sets the Clock used in Instant.now(Clock) when checking the access token expiry.

setClock(Clock) - Method in class org.springframework.security.oauth2.client.TokenExchangeOAuth2AuthorizedClientProvider

Sets the Clock used in Instant.now(Clock) when checking the access token expiry.

setClock(Clock) - Method in class org.springframework.security.oauth2.client.TokenExchangeReactiveOAuth2AuthorizedClientProvider

Sets the Clock used in Instant.now(Clock) when checking the access token expiry.

setClock(Clock) - Method in class org.springframework.security.oauth2.jwt.JwtTimestampValidator

Use this Clock with Instant.now() for assessing timestamp validity

setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.ClientCredentialsOAuth2AuthorizedClientProvider

Sets the maximum acceptable clock skew, which is used when checking the access token expiry.

setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.ClientCredentialsReactiveOAuth2AuthorizedClientProvider

Sets the maximum acceptable clock skew, which is used when checking the access token expiry.

setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.JwtBearerOAuth2AuthorizedClientProvider

Sets the maximum acceptable clock skew, which is used when checking the access token expiry.

setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.JwtBearerReactiveOAuth2AuthorizedClientProvider

Sets the maximum acceptable clock skew, which is used when checking the access token expiry.

setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenValidator

Sets the maximum acceptable clock skew.

setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.PasswordOAuth2AuthorizedClientProvider

Deprecated.

Sets the maximum acceptable clock skew, which is used when checking the access token expiry.

setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.PasswordReactiveOAuth2AuthorizedClientProvider

Deprecated.

Sets the maximum acceptable clock skew, which is used when checking the access token expiry.

setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.RefreshTokenOAuth2AuthorizedClientProvider

Sets the maximum acceptable clock skew, which is used when checking the access token expiry.

setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.RefreshTokenReactiveOAuth2AuthorizedClientProvider

Sets the maximum acceptable clock skew, which is used when checking the access token expiry.

setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.TokenExchangeOAuth2AuthorizedClientProvider

Sets the maximum acceptable clock skew, which is used when checking the access token expiry.

setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.TokenExchangeReactiveOAuth2AuthorizedClientProvider

Sets the maximum acceptable clock skew, which is used when checking the access token expiry.

setCn(String[]) - Method in class org.springframework.security.ldap.userdetails.Person.Essence

setCompromisedPasswordChecker(CompromisedPasswordChecker) - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider

Sets the CompromisedPasswordChecker to be used before creating a successful authentication.

setCompromisedPasswordChecker(ReactiveCompromisedPasswordChecker) - Method in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager

Sets the ReactiveCompromisedPasswordChecker to be used before creating a successful authentication.

setConfiguration(Configuration) - Method in class org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider

Sets the Configuration to use for Authentication.

setContentLength(int) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper

setContentLengthLong(long) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper

setContext(SecurityContext) - Method in class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy

Sets the current context.

setContext(SecurityContext) - Static method in class org.springframework.security.core.context.SecurityContextHolder

Associates a new SecurityContext with the current thread of execution.

setContext(SecurityContext) - Method in interface org.springframework.security.core.context.SecurityContextHolderStrategy

Sets the current context.

setContext(SecurityContext) - Static method in class org.springframework.security.test.context.TestSecurityContextHolder

Sets the SecurityContext on TestSecurityContextHolder and SecurityContextHolder.

setContext(SecurityContext) - Method in class org.springframework.security.test.context.TestSecurityContextHolderStrategyAdapter

setContextAttributesMapper(Function<OAuth2AuthorizeRequest, Map<String, Object>>) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager

Sets the Function used for mapping attribute(s) from the OAuth2AuthorizeRequest to a Map of attributes to be associated to the authorization context.

setContextAttributesMapper(Function<OAuth2AuthorizeRequest, Map<String, Object>>) - Method in class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager

Sets the Function used for mapping attribute(s) from the OAuth2AuthorizeRequest to a Map of attributes to be associated to the authorization context.

setContextAttributesMapper(Function<OAuth2AuthorizeRequest, Mono<Map<String, Object>>>) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager

Sets the Function used for mapping attribute(s) from the OAuth2AuthorizeRequest to a Map of attributes to be associated to the authorization context.

setContextAttributesMapper(Function<OAuth2AuthorizeRequest, Mono<Map<String, Object>>>) - Method in class org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager

Sets the Function used for mapping attribute(s) from the OAuth2AuthorizeRequest to a Map of attributes to be associated to the authorization context.

setContextEnvironmentProperties(Map<String, Object>) - Method in class org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider

Allows a custom environment properties to be used to create initial LDAP context.

setContextHolderStrategy(SecurityContextHolderStrategy) - Static method in class org.springframework.security.core.context.SecurityContextHolder

Use this SecurityContextHolderStrategy.

setContextPath(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder

setContextPath(String) - Method in class org.springframework.security.web.util.RedirectUrlBuilder

setContextRelative(boolean) - Method in class org.springframework.security.web.DefaultRedirectStrategy

If true, causes any redirection URLs to be calculated minus the protocol and context path (defaults to false).

setContextRelative(boolean) - Method in class org.springframework.security.web.server.DefaultServerRedirectStrategy

Sets if the location is relative to the context.

setContextSource(BaseLdapPathContextSource) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory

Sets the BaseLdapPathContextSource used to perform LDAP authentication.

setContinueChainBeforeSuccessfulAuthentication(boolean) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Indicates if the filter chain should be continued prior to delegation to AbstractAuthenticationProcessingFilter.successfulAuthentication(HttpServletRequest, HttpServletResponse, FilterChain, Authentication) , which may be useful in certain environment (such as Tapestry applications).

setContinueFilterChainOnUnsuccessfulAuthentication(boolean) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter

If set to true (the default), any AuthenticationException raised by the AuthenticationManager will be swallowed, and the request will be allowed to proceed, potentially using alternative authentication mechanisms.

setContinueOnError(boolean) - Method in class org.springframework.security.authentication.DelegatingReactiveAuthenticationManager

Continue iterating when a delegate errors, defaults to false

setContinueOnError(boolean) - Method in class org.springframework.security.web.server.authentication.DelegatingServerAuthenticationConverter

Continue iterating when a delegate errors, defaults to false

setConversionService(ConversionService) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy

setConversionService(ConversionService) - Method in class org.springframework.security.acls.jdbc.JdbcAclService

setConvertAttributeToLowerCase(boolean) - Method in class org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper

setConvertAttributeToUpperCase(boolean) - Method in class org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper

setConverter(GenericHttpMessageConverter<Object>) - Method in class org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationFilter

Sets the GenericHttpMessageConverter to use for writing PublicKeyCredential<AuthenticatorAssertionResponse> to the response.

setConverter(HttpMessageConverter<Object>) - Method in class org.springframework.security.web.authentication.HttpMessageConverterAuthenticationSuccessHandler

Sets the GenericHttpMessageConverter to write to the response.

setConverter(HttpMessageConverter<Object>) - Method in class org.springframework.security.web.webauthn.authentication.PublicKeyCredentialRequestOptionsFilter

Sets the HttpMessageConverter to use.

setConverter(HttpMessageConverter<Object>) - Method in class org.springframework.security.web.webauthn.registration.WebAuthnRegistrationFilter

Set the HttpMessageConverter to read the WebAuthnRegistrationFilter.WebAuthnRegistrationRequest and write the response.

setConvertSubErrorCodesToExceptions(boolean) - Method in class org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider

By default, a failed authentication (LDAP error 49) will result in a BadCredentialsException.

setConvertToLowerCase(boolean) - Method in class org.springframework.security.core.authority.mapping.SimpleAuthorityMapper

Whether to convert the authority value to lower case in the mapping.

setConvertToUpperCase(boolean) - Method in class org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService

Converts the returned attribute values to uppercase values.

setConvertToUpperCase(boolean) - Method in class org.springframework.security.core.authority.mapping.SimpleAuthorityMapper

Whether to convert the authority value to upper case in the mapping.

setConvertToUpperCase(boolean) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator

Convert the role to uppercase

setConvertToUpperCase(boolean) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper

Determines whether role field values will be converted to upper case when loaded.

setCookie(String[], int, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

Sets the cookie on the response.

setCookieCustomizer(Consumer<Cookie>) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

Sets the Consumer, allowing customization of cookie.

setCookieCustomizer(Consumer<Cookie>) - Method in class org.springframework.security.web.savedrequest.CookieRequestCache

Sets the Consumer, allowing customization of cookie.

setCookieCustomizer(Consumer<ResponseCookie.ResponseCookieBuilder>) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository

Add a Consumer for a ResponseCookieBuilder that will be invoked for each cookie being built, just before the call to build().

setCookieCustomizer(Consumer<ResponseCookie.ResponseCookieBuilder>) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository

Add a Consumer for a ResponseCookieBuilder that will be invoked for each cookie being built, just before the call to build().

setCookieCustomizer(Consumer<ResponseCookie.ResponseCookieBuilder>) - Method in class org.springframework.security.web.server.savedrequest.CookieServerRequestCache

Sets the Consumer, allowing customization of cookie.

setCookieDomain(String) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

setCookieDomain(String) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository

Deprecated.

Use CookieCsrfTokenRepository.setCookieCustomizer(Consumer) instead.

setCookieDomain(String) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository

Deprecated.

Use CookieServerCsrfTokenRepository.setCookieCustomizer(Consumer) instead.

setCookieHttpOnly(boolean) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository

Deprecated.

Use CookieCsrfTokenRepository.setCookieCustomizer(Consumer) instead.

setCookieHttpOnly(boolean) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository

Deprecated.

Use CookieServerCsrfTokenRepository.setCookieCustomizer(Consumer) instead.

setCookieMaxAge(int) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository

Deprecated.

Use CookieCsrfTokenRepository.setCookieCustomizer(Consumer) instead.

setCookieMaxAge(int) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository

Deprecated.

Use CookieServerCsrfTokenRepository.setCookieCustomizer(Consumer) instead.

setCookieName(String) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

setCookieName(String) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository

Sets the name of the cookie that the expected CSRF token is saved to and read from.

setCookieName(String) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository

Sets the cookie name

setCookiePath(String) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository

Set the path that the Cookie will be created with.

setCookiePath(String) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository

Sets the cookie path

setCookies(List<Cookie>) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest

setCookies(List<SavedCookie>) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder

setCreateAuthenticatedToken(boolean) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter

If you set this property, the Authentication object, which is created after the successful digest authentication will be marked as authenticated and filled with the authorities loaded by the UserDetailsService.

setCreateAuthoritySql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

setCreateEmptySubject(boolean) - Method in class org.springframework.security.web.jaasapi.JaasApiIntegrationFilter

Sets createEmptySubject.

setCreateNewSession(boolean) - Method in class org.springframework.security.web.session.RequestedUrlRedirectInvalidSessionStrategy

Determines whether a new session should be created before redirecting (to avoid possible looping issues where the same session ID is sent with the redirected request).

setCreateNewSession(boolean) - Method in class org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy

Determines whether a new session should be created before redirecting (to avoid possible looping issues where the same session ID is sent with the redirected request).

setCreateSessionAllowed(boolean) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache

If true, indicates that it is permitted to store the target URL and exception information in a new HttpSession (the default).

setCreateTableOnStartup(boolean) - Method in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl

Intended for convenience in debugging.

setCreateUserSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

setCreationOptionsRepository(PublicKeyCredentialCreationOptionsRepository) - Method in class org.springframework.security.web.webauthn.registration.WebAuthnRegistrationFilter

Sets the PublicKeyCredentialCreationOptionsRepository to use.

setCredentialsCharset(String) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter

Sets the charset to use when decoding credentials to Strings.

setCredentialsCharset(Charset) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter

setCredentialsCharset(Charset) - Method in class org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter

Deprecated.

Sets the Charset used to decode the Base64-encoded bytes of the basic authentication credentials.

setCredentialsEnvironmentVariable(String) - Method in class org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter

setCredentialsNonExpired(boolean) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence

setCredentialsRequestHeader(String) - Method in class org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter

setCsrfRequestAttributeName(String) - Method in class org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler

The CsrfToken is available as a request attribute named CsrfToken.class.getName().

setCsrfTokenRepository(HttpServletRequest, CsrfTokenRepository) - Static method in class org.springframework.security.test.web.support.WebTestUtils

Sets the CsrfTokenRepository for the specified HttpServletRequest.

setCsrfTokenRepository(ServerCsrfTokenRepository) - Method in class org.springframework.security.web.server.csrf.CsrfWebFilter

setCustomizeCreationOptions(Consumer<PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder>) - Method in class org.springframework.security.web.webauthn.management.Webauthn4JRelyingPartyOperations

Sets a Consumer used to customize the PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder for Webauthn4JRelyingPartyOperations.createPublicKeyCredentialCreationOptions(PublicKeyCredentialCreationOptionsRequest).

setCustomizeRequestOptions(Consumer<PublicKeyCredentialRequestOptions.PublicKeyCredentialRequestOptionsBuilder>) - Method in class org.springframework.security.web.webauthn.management.Webauthn4JRelyingPartyOperations

Sets a Consumer used to customize the PublicKeyCredentialRequestOptions.PublicKeyCredentialRequestOptionsBuilder for Webauthn4JRelyingPartyOperations.createCredentialRequestOptions(PublicKeyCredentialRequestOptionsRequest).The default values are always populated, but can be overridden with this property.

setDecision(AuthorizationDecision) - Method in class org.springframework.security.authorization.AuthorizationObservationContext

Deprecated.

please use AuthorizationObservationContext.setAuthorizationResult(AuthorizationResult) instead

setDefaultAccessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler

Use this ServerAccessDeniedHandler when no ServerWebExchangeMatcher matches.

setDefaultAuthenticationFailureEvent(Class<? extends AbstractAuthenticationFailureEvent>) - Method in class org.springframework.security.authentication.DefaultAuthenticationEventPublisher

Sets a default authentication failure event as a fallback event for any unmapped exceptions not mapped in the exception mappings.

setDefaultAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.web.authentication.RequestMatcherDelegatingAuthenticationManagerResolver

Set the default AuthenticationManager to use when a request does not match

setDefaultAuthenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.web.server.authentication.ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver

Set the default ReactiveAuthenticationManager to use when a request does not match

setDefaultAuthority(String) - Method in class org.springframework.security.core.authority.mapping.SimpleAuthorityMapper

Sets a default authority to be assigned to all users

setDefaultClientRegistrationId(String) - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction

If set, will be used as the default ClientRegistration.getRegistrationId().

setDefaultClientRegistrationId(String) - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction

If set, will be used as the default ClientRegistration.getRegistrationId().

setDefaultDataMimeType(MimeType) - Method in class org.springframework.security.rsocket.core.PayloadSocketAcceptorInterceptor

setDefaultEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint

EntryPoint which is used when no RequestMatcher returned true

setDefaultEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint

EntryPoint which is used when no RequestMatcher returned true

setDefaultFailureUrl(String) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler

The URL which will be used as the failure destination.

setDefaultLogoutSuccessHandler(LogoutSuccessHandler) - Method in class org.springframework.security.web.authentication.logout.DelegatingLogoutSuccessHandler

Sets the default LogoutSuccessHandler if no other handlers available

setDefaultMetadataMimeType(MimeType) - Method in class org.springframework.security.rsocket.core.PayloadSocketAcceptorInterceptor

setDefaultNameRequired(boolean) - Method in class org.springframework.security.config.ldap.ContextSourceSettingPostProcessor

setDefaultOAuth2AuthorizedClient(boolean) - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction

If true, a default OAuth2AuthorizedClient can be discovered from the current Authentication.

setDefaultOAuth2AuthorizedClient(boolean) - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction

If true, a default OAuth2AuthorizedClient can be discovered from the current Authentication.

setDefaultPasswordEncoderForMatches(PasswordEncoder) - Method in class org.springframework.security.crypto.password.DelegatingPasswordEncoder

Sets the PasswordEncoder to delegate to for DelegatingPasswordEncoder.matches(CharSequence, String) if the id is not mapped to a PasswordEncoder.

setDefaultRole(String) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator

The default role which will be assigned to all users.

setDefaultRolePrefix(String) - Method in class org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource

Deprecated.

Sets the default prefix to be added to RolesAllowed.

setDefaultRolePrefix(String) - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler

Sets the default prefix to be added to SecurityExpressionRoot.hasAnyRole(String...) or SecurityExpressionRoot.hasRole(String).

setDefaultRolePrefix(String) - Method in class org.springframework.security.access.expression.SecurityExpressionRoot

Sets the default prefix to be added to SecurityExpressionRoot.hasAnyRole(String...) or SecurityExpressionRoot.hasRole(String).

setDefaultRolePrefix(String) - Method in class org.springframework.security.data.repository.query.SecurityEvaluationContextExtension

Sets the default prefix to be added to SecurityExpressionRoot.hasAnyRole(String...) or SecurityExpressionRoot.hasRole(String).

setDefaultRolePrefix(String) - Method in class org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler

Sets the default prefix to be added to SecurityExpressionRoot.hasAnyRole(String...) or SecurityExpressionRoot.hasRole(String).

setDefaultRolePrefix(String) - Method in class org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler

Sets the default prefix to be added to SecurityExpressionRoot.hasAnyRole(String...) or SecurityExpressionRoot.hasRole(String).

setDefaultTargetUrl(String) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler

Supplies the default target Url that will be used if no saved request is found in the session, or the alwaysUseDefaultTargetUrl property is set to true.

setDeferLoadToken(boolean) - Method in class org.springframework.security.web.csrf.LazyCsrfTokenRepository

Deprecated.

Determines if LazyCsrfTokenRepository.loadToken(HttpServletRequest) should be lazily loaded.

setDeferredContext(Supplier<SecurityContext>) - Method in class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy

Sets a Supplier that will return the current context.

setDeferredContext(Supplier<SecurityContext>) - Static method in class org.springframework.security.core.context.SecurityContextHolder

Sets a Supplier that will return the current context.

setDeferredContext(Supplier<SecurityContext>) - Method in interface org.springframework.security.core.context.SecurityContextHolderStrategy

Sets a Supplier that will return the current context.

setDeleteEntryByObjectIdentityForeignKeySql(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService

setDeleteGroupAuthoritiesSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

setDeleteGroupAuthoritySql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

setDeleteGroupMemberSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

setDeleteGroupMembersSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

setDeleteGroupSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

setDeleteObjectIdentityByPrimaryKeySql(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService

setDeleteUserAuthoritiesSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

setDeleteUserSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

setDepartmentNumber(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence

setDerefLinkFlag(boolean) - Method in class org.springframework.security.ldap.search.FilterBasedLdapUserSearch

Sets the corresponding property on the SearchControls instance used in the search.

setDescription(String) - Method in class org.springframework.security.ldap.userdetails.Person.Essence

setDestinationIndicator(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence

setDetails(HttpServletRequest, UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

Provided so that subclasses may configure what is put into the authentication request's details property.

setDetails(Object) - Method in class org.springframework.security.authentication.AbstractAuthenticationToken

setDeviceAuthorizationResponseConverter(Converter<Map<String, Object>, OAuth2DeviceAuthorizationResponse>) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2DeviceAuthorizationResponseHttpMessageConverter

Sets the Converter used for converting the OAuth 2.0 Device Authorization Response parameters to an OAuth2DeviceAuthorizationResponse.

setDeviceAuthorizationResponseParametersConverter(Converter<OAuth2DeviceAuthorizationResponse, Map<String, Object>>) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2DeviceAuthorizationResponseHttpMessageConverter

Sets the Converter used for converting the OAuth2DeviceAuthorizationResponse to a Map representation of the OAuth 2.0 Device Authorization Response parameters.

setDisableUrlRewriting(boolean) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository

Allows the use of session identifiers in URLs to be disabled.

setDisplayName(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence

setDn(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence

setDn(Name) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence

setDomainObject(Object) - Method in class org.springframework.security.taglibs.authz.AccessControlListTag

setEmployeeNumber(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence

setEnableAuthorities(boolean) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl

Enables loading of authorities (roles) from the authorities table.

setEnabled(boolean) - Method in class org.springframework.security.core.userdetails.memory.UserAttribute

setEnabled(boolean) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence

setEnableGroups(boolean) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl

Enables support for group authorities.

setEncodeClientCredentials(boolean) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultOAuth2TokenRequestHeadersConverter

Sets whether the client credentials of the Authorization header will be encoded using the application/x-www-form-urlencoded encoding algorithm according to RFC 6749.

setEncodeHashAsBase64(boolean) - Method in class org.springframework.security.crypto.password.Md4PasswordEncoder

Deprecated.

setEncodeHashAsBase64(boolean) - Method in class org.springframework.security.crypto.password.MessageDigestPasswordEncoder

Deprecated.

setEncodeHashAsBase64(boolean) - Method in class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder

Sets if the resulting hash should be encoded as Base64.

setEncodeServiceUrlWithSessionId(boolean) - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint

Sets whether to encode the service url with the session id or not.

setEntriesInheriting(boolean) - Method in class org.springframework.security.acls.domain.AclImpl

setEntriesInheriting(boolean) - Method in interface org.springframework.security.acls.model.MutableAcl

Change the value returned by Acl.isEntriesInheriting().

setEntryPoint(ChannelEntryPoint) - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor

setEntryPoint(ChannelEntryPoint) - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor

setEraseCredentialsAfterAuthentication(boolean) - Method in class org.springframework.security.authentication.ProviderManager

If set to, a resulting Authentication which implements the CredentialsContainer interface will have its eraseCredentials method called before it is returned from the authenticate() method.

setEraseCredentialsAfterAuthentication(boolean) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ChildAuthenticationManagerFactoryBean

setErrorConverter(Converter<Map<String, String>, OAuth2Error>) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter

Sets the Converter used for converting the OAuth 2.0 Error parameters to an OAuth2Error.

setErrorConverter(HttpMessageConverter<OAuth2Error>) - Method in class org.springframework.security.oauth2.client.http.OAuth2ErrorResponseErrorHandler

Sets the HttpMessageConverter for an OAuth 2.0 Error.

setErrorPage(String) - Method in class org.springframework.security.web.access.AccessDeniedHandlerImpl

The error page to use.

setErrorParametersConverter(Converter<OAuth2Error, Map<String, String>>) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter

Sets the Converter used for converting the OAuth2Error to a Map representation of the OAuth 2.0 Error parameters.

setExceptionIfHeaderMissing(boolean) - Method in class org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter

Defines whether an exception should be raised if the principal header is missing.

setExceptionIfMaximumExceeded(boolean) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy

Sets the exceptionIfMaximumExceeded property, which determines whether the user should be prevented from opening more sessions than allowed.

setExceptionIfVariableMissing(boolean) - Method in class org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter

Defines whether an exception should be raised if the principal variable is missing.

setExceptionMappings(Map<?, ?>) - Method in class org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler

Sets the map of exception types (by name) to URLs.

setExchangeRejectedHandler(ServerExchangeRejectedHandler) - Method in class org.springframework.security.web.server.WebFilterChainProxy

Handles ServerExchangeRejectedException when the ServerWebExchangeFirewall rejects the provided ServerWebExchange.

setExitUserMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter

Set the matcher to respond to exit user processing.

setExitUserMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

Set the matcher to respond to exit user processing.

setExitUserUrl(String) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

Set the URL to respond to exit user processing.

setExitUserUrl(String) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter

Set the URL to respond to exit user processing.

setExpressionHandler(MethodSecurityExpressionHandler) - Method in class org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice

Deprecated.

setExpressionHandler(MethodSecurityExpressionHandler) - Method in class org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager

Use this the MethodSecurityExpressionHandler.

setExpressionHandler(MethodSecurityExpressionHandler) - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor

Use this MethodSecurityExpressionHandler.

setExpressionHandler(MethodSecurityExpressionHandler) - Method in class org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager

Sets the MethodSecurityExpressionHandler.

setExpressionHandler(MethodSecurityExpressionHandler) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor

Use this MethodSecurityExpressionHandler

setExpressionHandler(MethodSecurityExpressionHandler) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor

setExpressionHandler(MethodSecurityExpressionHandler) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor

setExpressionHandler(SecurityExpressionHandler<MethodInvocation>) - Method in class org.springframework.security.authorization.method.MethodExpressionAuthorizationManager

Sets the SecurityExpressionHandler to be used.

setExpressionHandler(SecurityExpressionHandler<Message<T>>) - Method in class org.springframework.security.messaging.access.expression.MessageExpressionVoter

Deprecated.

setExpressionHandler(SecurityExpressionHandler<RequestAuthorizationContext>) - Method in class org.springframework.security.web.access.expression.WebExpressionAuthorizationManager

Sets the SecurityExpressionHandler to be used.

setExpressionHandler(SecurityExpressionHandler<FilterInvocation>) - Method in class org.springframework.security.web.access.expression.WebExpressionVoter

Deprecated.

setExpressionParser(ExpressionParser) - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler

setFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.web.authentication.AuthenticationFilter

setFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

Used to define custom behaviour when a switch fails.

setFailureUrl(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

setFilterAsyncDispatch(boolean) - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter

If set to true, the filter will be applied to the async dispatcher.

setFilterChainDecorator(FilterChainProxy.FilterChainDecorator) - Method in class org.springframework.security.web.FilterChainProxy

Used to decorate the original FilterChain for each request

setFilterChainDecorator(WebFilterChainProxy.WebFilterChainDecorator) - Method in class org.springframework.security.web.server.WebFilterChainProxy

Used to decorate the original WebFilterChain for each request

setFilterChainProxySecurityConfigurer(ObjectPostProcessor<Object>, ConfigurableListableBeanFactory) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration

Sets the <SecurityConfigurer<FilterChainProxy, WebSecurityBuilder> instances used to create the web configuration.

setFilterChainValidator(FilterChainProxy.FilterChainValidator) - Method in class org.springframework.security.web.FilterChainProxy

Used (internally) to specify a validation strategy for the filters in each configured chain.

setFilterErrorDispatch(boolean) - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter

If set to true, the filter will be applied to error dispatcher.

setFilterObject(Object) - Method in interface org.springframework.security.access.expression.method.MethodSecurityExpressionOperations

setFilterProcessesUrl(String) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Sets the URL that determines if authentication is required

setFilterProcessesUrl(String) - Method in class org.springframework.security.web.authentication.logout.LogoutFilter

setFindAllGroupsSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

setFindChildrenQuery(String) - Method in class org.springframework.security.acls.jdbc.JdbcAclService

Allows customization of the SQL query used to find child object identities.

setFindGroupIdSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

setFindUsersInGroupSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

setFirewall(HttpFirewall) - Method in class org.springframework.security.web.FilterChainProxy

Sets the "firewall" implementation which will be used to validate and wrap (or potentially reject) the incoming requests.

setFirewall(ServerWebExchangeFirewall) - Method in class org.springframework.security.web.server.WebFilterChainProxy

Protects the application using the provided StrictServerWebExchangeFirewall.

setForceEagerSessionCreation(boolean) - Method in class org.springframework.security.web.context.SecurityContextPersistenceFilter

Deprecated.

setForceHttps(boolean) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint

Set to true to force login form access to be via https.

setForceLowerCasePrefix(boolean) - Method in class org.springframework.security.crypto.password.LdapShaPasswordEncoder

Deprecated.

setForcePrincipalAsString(boolean) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

setForeignKeysInDatabase(boolean) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService

setFormLoginEnabled(boolean) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

setFormLoginEnabled(boolean) - Method in class org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter

setGatewayStorage(GatewayResolver) - Method in class org.springframework.security.cas.web.CasGatewayResolverRequestMatcher

Sets the GatewayResolver to check if the request was already gatewayed.

setGenerateOneTimeTokenUrl(String) - Method in class org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter

Specifies the URL that a One-Time Token generate request will be processed.

setGivenName(String) - Method in class org.springframework.security.ldap.userdetails.Person.Essence

setGlobalAuthenticationConfigurers(List<GlobalAuthenticationConfigurerAdapter>) - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration

setGraceLoginsRemaining(int) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence

setGroupAuthoritiesByUsernameQuery(String) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl

Allows the default query string used to retrieve group authorities based on username to be overridden, if default table or column names need to be changed.

setGroupAuthoritiesSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

setGroupMemberAttributeName(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager

Sets the name of the multi-valued attribute which holds the DNs of users who are members of a group.

setGroupRoleAttribute(String) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator

setGroupRoleAttributeName(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager

setGroupSearchBase(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager

setGroupSearchFilter(String) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator

setHasPermission(String) - Method in class org.springframework.security.taglibs.authz.AccessControlListTag

setHeaderName(String) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository

Sets the name of the HTTP header that should be used to provide the token.

setHeaderName(String) - Method in class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository

Sets the header name that the CsrfToken is expected to appear on and the header that the response will contain the CsrfToken.

setHeaderName(String) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository

Sets the header name

setHeaderName(String) - Method in class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository

Sets the header name that the CsrfToken is expected to appear on and the header that the response will contain the CsrfToken.

setHeaders(Map<String, List<String>>) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder

setHeaders(Map<String, List<String>>) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest

setHeadersConverter(Converter<TokenExchangeGrantRequest, HttpHeaders>) - Method in class org.springframework.security.oauth2.client.endpoint.TokenExchangeGrantRequestEntityConverter

Sets the Converter used for converting the AbstractOAuth2AuthorizationGrantRequest instance to a HttpHeaders used in the OAuth 2.0 Access Token Request headers.

setHeadersConverter(Converter<T, HttpHeaders>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractRestClientOAuth2AccessTokenResponseClient

Sets the Converter used for converting the AbstractOAuth2AuthorizationGrantRequest instance to a HttpHeaders used in the OAuth 2.0 Access Token Request headers.

setHeadersConverter(Converter<T, HttpHeaders>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractWebClientReactiveOAuth2AccessTokenResponseClient

Sets the Converter used for converting the AbstractOAuth2AuthorizationGrantRequest instance to a HttpHeaders used in the OAuth 2.0 Access Token Request headers.

setHeaderValue(XXssProtectionHeaderWriter.HeaderValue) - Method in class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter

Sets the value of the X-XSS-PROTECTION header.

setHeaderValue(XXssProtectionServerHttpHeadersWriter.HeaderValue) - Method in class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter

Sets the value of the X-XSS-PROTECTION header.

setHideUserNotFoundExceptions(boolean) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

By default the AbstractUserDetailsAuthenticationProvider throws a BadCredentialsException if a username is not found or the password is incorrect.

setHideUserNotFoundExceptions(boolean) - Method in class org.springframework.security.ldap.authentication.LdapAuthenticationProvider

setHierarchy(String) - Method in class org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl

Deprecated.

Use RoleHierarchyImpl.fromHierarchy(java.lang.String) instead

setHomePhone(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence

setHomePostalAddress(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence

setHtmlEscape(String) - Method in class org.springframework.security.taglibs.authz.AuthenticationTag

Set HTML escaping for this tag, as boolean value.

setHttpStatus(HttpStatus) - Method in class org.springframework.security.web.server.DefaultServerRedirectStrategy

The HttpStatus to use for the redirect.

setId(String) - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag

setIgnoredMediaTypes(Set<MediaType>) - Method in class org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher

Set the MediaType to ignore from the ContentNegotiationStrategy.

setIgnoredMediaTypes(Set<MediaType>) - Method in class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher

Set the MediaType to ignore from the ContentNegotiationStrategy.

setIgnorePartialResultException(boolean) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator

Sets the corresponding property on the underlying template, avoiding specific issues with Active Directory.

setIgnoreUnknown(boolean) - Method in class org.springframework.security.authorization.method.PrePostTemplateDefaults

Deprecated.

Configure template resolution to ignore unknown placeholders.

setIgnoreUnknown(boolean) - Method in class org.springframework.security.core.annotation.AnnotationTemplateExpressionDefaults

Configure template resolution to ignore unknown placeholders.

setImportMetadata(AnnotationMetadata) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

Deprecated.

Obtains the attributes from EnableGlobalMethodSecurity if this class was imported using the EnableGlobalMethodSecurity annotation.

setImportMetadata(AnnotationMetadata) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration

setIncludeSubDomains(boolean) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter

Deprecated.

If true, the pinning policy applies to this pinned host as well as any subdomains of the host's domain name.

setIncludeSubDomains(boolean) - Method in class org.springframework.security.web.header.writers.HstsHeaderWriter

If true, subdomains should be considered HSTS Hosts too.

setIncludeSubDomains(boolean) - Method in class org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter

Sets if subdomains should be included.

setInitials(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence

setInsecureKeyword(String) - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor

setInsertClassSql(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService

setInsertEntrySql(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService

setInsertGroupAuthoritySql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

setInsertGroupMemberSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

setInsertGroupSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

setInsertObjectIdentitySql(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService

setInsertSidSql(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService

setInternalMethod(String) - Method in class org.springframework.security.acls.AclEntryVoter

setInvalidateHttpSession(boolean) - Method in class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler

Causes the HttpSession to be invalidated when this LogoutHandler is invoked.

setInvalidateSessionOnPrincipalChange(boolean) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter

If checkForPrincipalChanges is set, and a change of principal is detected, determines whether any existing session should be invalidated before proceeding to authenticate the new principal.

setInvalidSessionStrategy(InvalidSessionStrategy) - Method in class org.springframework.security.web.session.SessionManagementFilter

Sets the strategy which will be invoked instead of allowing the filter chain to proceed, if the user agent requests an invalid session ID.

setIterations(int) - Method in class org.springframework.security.crypto.password.MessageDigestPasswordEncoder

Deprecated.

Sets the number of iterations for which the calculated hash value should be "stretched".

setJwsAlgorithmResolver(Function<ClientRegistration, JwsAlgorithm>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory

Sets the resolver that provides the expected JWS algorithm used for the signature or MAC on the ID Token.

setJwsAlgorithmResolver(Function<ClientRegistration, JwsAlgorithm>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.ReactiveOidcIdTokenDecoderFactory

Sets the resolver that provides the expected JWS algorithm used for the signature or MAC on the ID Token.

setJwtAssertionResolver(Function<OAuth2AuthorizationContext, Jwt>) - Method in class org.springframework.security.oauth2.client.JwtBearerOAuth2AuthorizedClientProvider

Sets the resolver used for resolving the Jwt assertion.

setJwtAssertionResolver(Function<OAuth2AuthorizationContext, Mono<Jwt>>) - Method in class org.springframework.security.oauth2.client.JwtBearerReactiveOAuth2AuthorizedClientProvider

Sets the resolver used for resolving the Jwt assertion.

setJwtAuthenticationConverter(Converter<Jwt, ? extends AbstractAuthenticationToken>) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider

setJwtAuthenticationConverter(Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>>) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtReactiveAuthenticationManager

Use the given Converter for converting a Jwt into an AbstractAuthenticationToken.

setJwtClientAssertionCustomizer(Consumer<NimbusJwtClientAuthenticationParametersConverter.JwtClientAuthenticationContext<T>>) - Method in class org.springframework.security.oauth2.client.endpoint.NimbusJwtClientAuthenticationParametersConverter

Sets the Consumer to be provided the NimbusJwtClientAuthenticationParametersConverter.JwtClientAuthenticationContext, which contains the JwsHeader.Builder and JwtClaimsSet.Builder for further customization.

setJwtDecoderFactory(JwtDecoderFactory<ClientRegistration>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider

Sets the JwtDecoderFactory used for OidcIdToken signature verification.

setJwtDecoderFactory(ReactiveJwtDecoderFactory<ClientRegistration>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeReactiveAuthenticationManager

Sets the ReactiveJwtDecoderFactory used for OidcIdToken signature verification.

setJwtGrantedAuthoritiesConverter(Converter<Jwt, Collection<GrantedAuthority>>) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter

Sets the Converter<Jwt, Collection<GrantedAuthority>> to use.

setJwtGrantedAuthoritiesConverter(Converter<Jwt, Flux<GrantedAuthority>>) - Method in class org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverter

Sets the Converter<Jwt, Flux<GrantedAuthority>> to use.

setJwtValidator(OAuth2TokenValidator<Jwt>) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder

Use this Jwt Validator

setJwtValidator(OAuth2TokenValidator<Jwt>) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder

Use the provided OAuth2TokenValidator to validate incoming Jwts.

setJwtValidatorFactory(Function<ClientRegistration, OAuth2TokenValidator<Jwt>>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory

Sets the factory that provides an OAuth2TokenValidator, which is used by the JwtDecoder.

setJwtValidatorFactory(Function<ClientRegistration, OAuth2TokenValidator<Jwt>>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.ReactiveOidcIdTokenDecoderFactory

Sets the factory that provides an OAuth2TokenValidator, which is used by the ReactiveJwtDecoder.

setKey(String) - Method in class org.springframework.security.access.intercept.RunAsImplAuthenticationProvider

Deprecated.

setKey(String) - Method in class org.springframework.security.access.intercept.RunAsManagerImpl

Deprecated.

setKey(String) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider

setKey(String) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint

setKeyStoreFile(File) - Method in class org.springframework.security.ldap.server.ApacheDSContainer

Deprecated.

The keyStore must not be null and must be a valid file.

setLastAccessTime(Instant) - Method in class org.springframework.security.core.session.ReactiveSessionInformation

setLdapAuthoritiesPopulator(LdapAuthoritiesPopulator) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory

Sets the LdapAuthoritiesPopulator used to obtain a list of granted authorities for an LDAP user.

setLdapOverSslEnabled(boolean) - Method in class org.springframework.security.ldap.server.ApacheDSContainer

Deprecated.

If set to true will enable LDAP over SSL (LDAPs).

setLdif(String) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean

Specifies an LDIF to load at startup for an embedded LDAP server.

setLobHandler(LobHandler) - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper

setLocales(List<Locale>) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder

setLocales(List<Locale>) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest

setLocation(URI) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler

Where the user is redirected to upon authentication success

setLoginConfig(Resource) - Method in class org.springframework.security.authentication.jaas.JaasAuthenticationProvider

Set the JAAS login configuration file.

setLoginContextName(String) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider

Set the loginContextName, this name is used as the index to the configuration specified in the loginConfig property.

setLoginExceptionResolver(LoginExceptionResolver) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider

setLoginPageUrl(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

setLoginProcessingUrl(String) - Method in class org.springframework.security.web.authentication.ui.DefaultOneTimeTokenSubmitPageGeneratingFilter

Specifies the URL that the submit form should POST to.

setLoginProcessingUrl(String) - Method in class org.springframework.security.web.server.ui.OneTimeTokenSubmitPageGeneratingWebFilter

Specifies the URL that the submit form should POST to.

setLogInteractiveAuthenticationSuccessEvents(boolean) - Method in class org.springframework.security.authentication.event.LoggerListener

setLoginUrl(String) - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint

setLogoutHandler(ServerLogoutHandler) - Method in class org.springframework.security.web.server.authentication.logout.LogoutWebFilter

Sets the ServerLogoutHandler.

setLogoutHandlers(List<LogoutHandler>) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter

Sets the LogoutHandlers used when integrating with HttpServletRequest with Servlet 3 APIs.

setLogoutHandlers(List<LogoutHandler>) - Method in class org.springframework.security.web.session.ConcurrentSessionFilter

Set list of LogoutHandler

setLogoutHandlers(LogoutHandler[]) - Method in class org.springframework.security.web.session.ConcurrentSessionFilter

setLogoutRequestMatcher(RequestMatcher) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestFilter

setLogoutRequestMatcher(RequestMatcher) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseFilter

setLogoutRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.logout.LogoutFilter

setLogoutRequestRepository(Saml2LogoutRequestRepository) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseFilter

Use this Saml2LogoutRequestRepository for retrieving the SAML 2.0 Logout Request associated with the request's RelayState

setLogoutRequestRepository(Saml2LogoutRequestRepository) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2RelyingPartyInitiatedLogoutSuccessHandler

Use this Saml2LogoutRequestRepository for saving the SAML 2.0 Logout Request

setLogoutSuccessHandler(ServerLogoutSuccessHandler) - Method in class org.springframework.security.web.server.authentication.logout.LogoutWebFilter

Sets the ServerLogoutSuccessHandler.

setLogoutSuccessUrl(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

setLogoutSuccessUrl(URI) - Method in class org.springframework.security.oauth2.client.oidc.web.server.logout.OidcClientInitiatedServerLogoutSuccessHandler

The URL to redirect to after successfully logging out when not originally an OIDC login

setLogoutSuccessUrl(URI) - Method in class org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler

The URL to redirect to after successfully logging out.

setLogoutUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcBackChannelLogoutHandler

Use this logout URI for performing per-session logout.

setLogoutUri(String) - Method in class org.springframework.security.config.web.server.OidcBackChannelServerLogoutHandler

Use this logout URI for performing per-session logout.

setLookupObjectIdentitiesWhereClause(String) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy

The SQL for the where clause used in the lookupObjectIdentities method.

setLookupPrimaryKeysWhereClause(String) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy

The SQL for the where clause used in the lookupPrimaryKey method.

setMail(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence

setManagerDn(String) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean

Username (DN) of the "manager" user identity (i.e.

setManagerPassword(String) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean

The password for the manager DN.

setMappableAttributes(Set<String>) - Method in class org.springframework.security.core.authority.mapping.SimpleMappableAttributesRetriever

setMappableRolesRetriever(MappableAttributesRetriever) - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource

setMatchingAlgorithm(TokenBasedRememberMeServices.RememberMeTokenAlgorithm) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices

Sets the algorithm to be used to match the token signature

setMatchingRequestParameterName(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder

setMatchingRequestParameterName(String) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache

Specify the name of a query parameter that is added to the URL that specifies the request cache should be checked in HttpSessionRequestCache.getMatchingRequest(HttpServletRequest, HttpServletResponse)

setMatchingRequestParameterName(String) - Method in class org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache

Specify the name of a query parameter that is added to the URL in WebSessionServerRequestCache.getRedirectUri(ServerWebExchange) and is required for WebSessionServerRequestCache.removeMatchingRequest(ServerWebExchange) to look up the ServerHttpRequest.

setMaxAge(Duration) - Method in class org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter

Sets the max age of the header.

setMaxAgeInSeconds(long) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter

Deprecated.

Sets the value (in seconds) for the max-age directive of the Public-Key-Pins header.

setMaxAgeInSeconds(long) - Method in class org.springframework.security.web.header.writers.HstsHeaderWriter

Sets the value (in seconds) for the max-age directive of the Strict-Transport-Security header.

setMaximumSessions(int) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy

Sets the maxSessions property.

setMaxSearchDepth(int) - Method in class org.springframework.security.ldap.userdetails.NestedLdapAuthoritiesPopulator

How far should a nested search go.

setMessageExpessionHandler(List<SecurityExpressionHandler<Message<Object>>>) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

Deprecated.

setMessageExpressionHandler(List<SecurityExpressionHandler<Message<Object>>>) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

Deprecated.

setMessageSource(MessageSource) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor

Deprecated.

setMessageSource(MessageSource) - Method in class org.springframework.security.access.intercept.RunAsImplAuthenticationProvider

Deprecated.

setMessageSource(MessageSource) - Method in class org.springframework.security.access.vote.AbstractAccessDecisionManager

Deprecated.

setMessageSource(MessageSource) - Method in class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationProvider

setMessageSource(MessageSource) - Method in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager

setMessageSource(MessageSource) - Method in class org.springframework.security.authentication.AccountStatusUserDetailsChecker

setMessageSource(MessageSource) - Method in class org.springframework.security.authentication.AnonymousAuthenticationProvider

setMessageSource(MessageSource) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

setMessageSource(MessageSource) - Method in class org.springframework.security.authentication.ProviderManager

setMessageSource(MessageSource) - Method in class org.springframework.security.authentication.RememberMeAuthenticationProvider

setMessageSource(MessageSource) - Method in class org.springframework.security.authorization.ObservationAuthorizationManager

Set the MessageSource that this object runs in.

setMessageSource(MessageSource) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider

setMessageSource(MessageSource) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl

setMessageSource(MessageSource) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider

setMessageSource(MessageSource) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator

setMessageSource(MessageSource) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter

setMessageSource(MessageSource) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

setMessageSource(MessageSource) - Method in class org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor

setMessageSource(MessageSource) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

setMessageSource(MessageSource) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy

Sets the MessageSource used for reporting errors back to the user when the user has exceeded the maximum number of authentications.

setMessageSource(MessageSource) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

setMessageSource(MessageSource) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter

setMetadataFilename(String) - Method in class org.springframework.security.saml2.provider.service.web.metadata.RequestMatcherMetadataResponseResolver

Sets the metadata filename template.

setMetadataFilename(String) - Method in class org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter

Sets the metadata filename template containing the {registrationId} template variable.

setMethod(String) - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag

setMethod(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder

setMethod(String) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest

setMethod(HttpMethod) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher

setMethodSecurityExpressionHandler(List<MethodSecurityExpressionHandler>) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

Deprecated.

setMigrateSessionAttributes(boolean) - Method in class org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy

Defines whether attributes should be migrated to a new session or not.

setMobile(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence

setMode(XFrameOptionsServerHttpHeadersWriter.Mode) - Method in class org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter

Sets the X-Frame-Options mode.

setNonceValiditySeconds(int) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint

setO(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence

setOauth2AuthenticationUrlToClientName(Map<String, String>) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

setOauth2AuthenticationUrlToClientName(Map<String, String>) - Method in class org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter

setOauth2LoginEnabled(boolean) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

setOauth2UserService(OAuth2UserService<OAuth2UserRequest, OAuth2User>) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService

Sets the OAuth2UserService used when requesting the user info resource.

setOauth2UserService(ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User>) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcReactiveOAuth2UserService

setObjectIdentityGenerator(ObjectIdentityGenerator) - Method in class org.springframework.security.acls.AclPermissionEvaluator

setObjectIdentityGenerator(ObjectIdentityGenerator) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy

setObjectIdentityGenerator(ObjectIdentityGenerator) - Method in class org.springframework.security.acls.jdbc.JdbcAclService

setObjectIdentityPrimaryKeyQuery(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService

setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy) - Method in class org.springframework.security.acls.AclEntryVoter

setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy) - Method in class org.springframework.security.acls.AclPermissionCacheOptimizer

setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy) - Method in class org.springframework.security.acls.AclPermissionEvaluator

setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy) - Method in class org.springframework.security.acls.afterinvocation.AbstractAclProvider

setObjectPostProcessor(ObjectPostProcessor<Object>) - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration

setObjectPostProcessor(ObjectPostProcessor<Object>) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

Deprecated.

setObjectPostProcessor(ObjectPostProcessor<Object>) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

Deprecated.

setObservationConvention(ObservationConvention<AuthenticationObservationContext>) - Method in class org.springframework.security.authentication.ObservationAuthenticationManager

Use the provided convention for reporting observation data

setObservationConvention(ObservationConvention<AuthenticationObservationContext>) - Method in class org.springframework.security.authentication.ObservationReactiveAuthenticationManager

Use the provided convention for reporting observation data

setObservationConvention(ObservationConvention<AuthorizationObservationContext<?>>) - Method in class org.springframework.security.authorization.ObservationAuthorizationManager

Use the provided convention for reporting observation data

setObservationConvention(ObservationConvention<AuthorizationObservationContext<?>>) - Method in class org.springframework.security.authorization.ObservationReactiveAuthorizationManager

Use the provided convention for reporting observation data

setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean

setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ChildAuthenticationManagerFactoryBean

setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.FilterChainDecoratorFactory

setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.RequestRejectedHandlerPostProcessor

setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor

setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor

setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor

setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.SecuredAuthorizationMethodInterceptor

setObserveOncePerRequest(boolean) - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter

Sets whether this filter apply only once per request.

setObserveOncePerRequest(boolean) - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor

Deprecated.

setOidcUserMapper(BiFunction<OidcUserRequest, OidcUserInfo, OidcUser>) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService

Sets the BiFunction used to map the user from the user request and user info.

setOidcUserMapper(BiFunction<OidcUserRequest, OidcUserInfo, Mono<OidcUser>>) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcReactiveOAuth2UserService

Sets the BiFunction used to map the user from the user request and user info.

setOneTimeTokenEnabled(boolean) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

setOneTimeTokenEnabled(boolean) - Method in class org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter

Set if one-time token login is supported.

setOneTimeTokenGenerationUrl(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

setOrder(int) - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor

setOrder(int) - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterReactiveMethodInterceptor

setOrder(int) - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor

setOrder(int) - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeReactiveMethodInterceptor

setOrder(int) - Method in class org.springframework.security.authorization.method.AuthorizeReturnObjectMethodInterceptor

setOrder(int) - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor

setOrder(int) - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationReactiveMethodInterceptor

setOrder(int) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor

setOrder(int) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor

setOrder(int) - Method in class org.springframework.security.rsocket.authentication.AnonymousPayloadInterceptor

setOrder(int) - Method in class org.springframework.security.rsocket.authentication.AuthenticationPayloadInterceptor

setOrder(int) - Method in class org.springframework.security.rsocket.authorization.AuthorizationPayloadInterceptor

setOrder(int) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider

setOrder(int) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint

setOrderByClause(String) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy

The SQL for the "order by" clause used in both queries.

setOu(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence

setOwner(Sid) - Method in class org.springframework.security.acls.domain.AclImpl

setOwner(Sid) - Method in interface org.springframework.security.acls.model.MutableAcl

Changes the present owner to a different owner.

setOwner(Sid) - Method in interface org.springframework.security.acls.model.OwnershipAcl

setPageContext(PageContext) - Method in class org.springframework.security.taglibs.authz.AuthenticationTag

setPageContext(PageContext) - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag

setParameter(String) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

Sets the name of the parameter which should be checked for to see if a remember-me has been requested during a login request.

setParameterName(String) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository

Sets the name of the HTTP request parameter that should be used to provide a token.

setParameterName(String) - Method in class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository

Sets the HttpServletRequest parameter name that the CsrfToken is expected to appear on

setParameterName(String) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository

Sets the parameter name

setParameterName(String) - Method in class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository

Sets the HttpServletRequest parameter name that the CsrfToken is expected to appear on

setParameterNameDiscoverer(ParameterNameDiscoverer) - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler

Sets the ParameterNameDiscoverer to use.

setParameterNameDiscoverer(ParameterNameDiscoverer) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor

Sets the ParameterNameDiscoverer.

setParameters(Map<String, String[]>) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder

setParameters(Map<String, String[]>) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest

setParametersConverter(Converter<TokenExchangeGrantRequest, MultiValueMap<String, String>>) - Method in class org.springframework.security.oauth2.client.endpoint.TokenExchangeGrantRequestEntityConverter

Sets the Converter used for converting the AbstractOAuth2AuthorizationGrantRequest instance to a MultiValueMap of the parameters used in the OAuth 2.0 Access Token Request body.

setParametersConverter(Converter<T, MultiValueMap<String, String>>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractRestClientOAuth2AccessTokenResponseClient

Sets the Converter used for converting the AbstractOAuth2AuthorizationGrantRequest instance to a MultiValueMap used in the OAuth 2.0 Access Token Request body.

setParametersConverter(Converter<T, MultiValueMap<String, String>>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractWebClientReactiveOAuth2AccessTokenResponseClient

Sets the Converter used for converting the AbstractOAuth2AuthorizationGrantRequest instance to a MultiValueMap used in the OAuth 2.0 Access Token Request body.

setParametersCustomizer(Consumer<MultiValueMap<String, String>>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractRestClientOAuth2AccessTokenResponseClient

Sets the Consumer used for customizing the OAuth 2.0 Access Token parameters, which allows for parameters to be added, overwritten or removed.

setParametersCustomizer(Consumer<MultiValueMap<String, String>>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractWebClientReactiveOAuth2AccessTokenResponseClient

Sets the Consumer used for customizing the OAuth 2.0 Access Token parameters, which allows for parameters to be added, overwritten or removed.

setParent(Tag) - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag

setParent(Acl) - Method in class org.springframework.security.acls.domain.AclImpl

setParent(Acl) - Method in interface org.springframework.security.acls.model.MutableAcl

Changes the parent of this ACL.

setPasskeysEnabled(boolean) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

setPassword(String) - Method in class org.springframework.security.core.userdetails.memory.UserAttribute

setPassword(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence

setPasswordAlreadyEncoded(boolean) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter

setPasswordAttribute(String) - Method in class org.springframework.security.config.ldap.LdapPasswordComparisonAuthenticationManagerFactory

The attribute in the directory which contains the user password.

setPasswordAttributeName(String) - Method in class org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator

setPasswordAttributeName(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager

setPasswordAttributeName(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper

The name of the attribute which contains the user's password.

setPasswordEncoder(PasswordEncoder) - Method in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager

The PasswordEncoder that is used for validating the password.

setPasswordEncoder(PasswordEncoder) - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider

Sets the PasswordEncoder instance to be used to encode and validate passwords.

setPasswordEncoder(PasswordEncoder) - Method in class org.springframework.security.config.ldap.LdapPasswordComparisonAuthenticationManagerFactory

Specifies the PasswordEncoder to be used when authenticating with password comparison.

setPasswordEncoder(PasswordEncoder) - Method in class org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator

setPasswordParameter(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

setPasswordParameter(String) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

Sets the parameter name which will be used to obtain the password from the login request..

setPasswordParameter(String) - Method in class org.springframework.security.web.server.ServerFormLoginAuthenticationConverter

Deprecated.

The parameter name of the form data to extract the password

setPathInfo(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder

setPathInfo(String) - Method in class org.springframework.security.web.util.RedirectUrlBuilder

setPermissionCacheOptimizer(PermissionCacheOptimizer) - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler

setPermissionEvaluator(PermissionEvaluator) - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler

setPermissionEvaluator(PermissionEvaluator) - Method in class org.springframework.security.access.expression.SecurityExpressionRoot

setPermissionEvaluator(PermissionEvaluator) - Method in class org.springframework.security.data.repository.query.SecurityEvaluationContextExtension

Sets the PermissionEvaluator to be used.

setPermissionFactory(PermissionFactory) - Method in class org.springframework.security.acls.AclPermissionEvaluator

setPermissionFactory(PermissionFactory) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy

Sets the PermissionFactory instance which will be used to convert loaded permission data values to Permissions.

setPins(Map<String, String>) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter

Deprecated.

Sets the value for the pin- directive of the Public-Key-Pins header.

setPointcut(Pointcut) - Method in class org.springframework.security.authorization.method.AuthorizeReturnObjectMethodInterceptor

setPolicy(String) - Method in class org.springframework.security.web.header.writers.PermissionsPolicyHeaderWriter

Sets the policy to be used in the response header.

setPolicy(String) - Method in class org.springframework.security.web.server.header.PermissionsPolicyServerHttpHeadersWriter

Set the policy to be used in the response header.

setPolicy(CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy) - Method in class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter

Sets the CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy value to be used in the Cross-Origin-Embedder-Policy header

setPolicy(CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy) - Method in class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter

Sets the CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy value to be used in the Cross-Origin-Opener-Policy header

setPolicy(CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy) - Method in class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter

Sets the CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy value to be used in the Cross-Origin-Resource-Policy header

setPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy) - Method in class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter

Sets the policy to be used in the response header.

setPolicy(CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy) - Method in class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter

Sets the CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy value to be used in the Cross-Origin-Embedder-Policy header

setPolicy(CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy) - Method in class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter

Sets the CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy value to be used in the Cross-Origin-Opener-Policy header

setPolicy(CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy) - Method in class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter

Sets the CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy value to be used in the Cross-Origin-Embedder-Policy header

setPolicy(ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy) - Method in class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter

Set the policy to be used in the response header.

setPolicyDirectives(String) - Method in class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter

Sets the security policy directive(s) to be used in the response header.

setPolicyDirectives(String) - Method in class org.springframework.security.web.header.writers.FeaturePolicyHeaderWriter

Set the security policy directive(s) to be used in the response header.

setPolicyDirectives(String) - Method in class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter

Set the policy directive(s) to be used in the response header.

setPolicyDirectives(String) - Method in class org.springframework.security.web.server.header.FeaturePolicyServerHttpHeadersWriter

Set the policy directive(s) to be used in the response header.

setPort(int) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean

The port to connect to LDAP to (the default is 33389 or random available port if unavailable).

setPort(int) - Method in class org.springframework.security.ldap.server.ApacheDSContainer

Deprecated.

setPort(int) - Method in interface org.springframework.security.ldap.server.EmbeddedLdapServerContainer

The embedded LDAP server port to connect to.

setPort(int) - Method in class org.springframework.security.ldap.server.UnboundIdContainer

setPort(int) - Method in class org.springframework.security.web.util.RedirectUrlBuilder

setPortMapper(PortMapper) - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint

setPortMapper(PortMapper) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint

setPortMapper(PortMapper) - Method in class org.springframework.security.web.PortResolverImpl

setPortMapper(PortMapper) - Method in class org.springframework.security.web.server.transport.HttpsRedirectWebFilter

Use this PortMapper for mapping custom ports

setPortMappings(Map<String, String>) - Method in class org.springframework.security.web.PortMapperImpl

Set to override the default HTTP port to HTTPS port mappings of 80:443, and 8080:8443.

setPortResolver(PortResolver) - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint

setPortResolver(PortResolver) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint

setPortResolver(PortResolver) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache

setPostalAddress(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence

setPostalCode(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence

setPostAuthenticationChecks(UserDetailsChecker) - Method in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager

Sets the strategy which will be used to validate the loaded UserDetails object after authentication occurs.

setPostAuthenticationChecks(UserDetailsChecker) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

setPostLogoutRedirectUri(String) - Method in class org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler

Set the post logout redirect uri template.

setPostLogoutRedirectUri(String) - Method in class org.springframework.security.oauth2.client.oidc.web.server.logout.OidcClientInitiatedServerLogoutSuccessHandler

Set the post logout redirect uri template.

setPostOnly(boolean) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

Defines whether only HTTP POST requests will be allowed by this filter.

setPreAuthenticatedUserDetailsService(AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken>) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider

Set the AuthenticatedUserDetailsService to be used to load the UserDetails for the authenticated user.

setPreAuthenticationChecks(UserDetailsChecker) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

Sets the policy will be used to verify the status of the loaded UserDetails before validation of the credentials takes place.

setPrefix(String) - Method in class org.springframework.security.core.authority.mapping.SimpleAuthorityMapper

Sets the prefix which should be added to the authority name (if it doesn't already exist)

setPreload(boolean) - Method in class org.springframework.security.web.header.writers.HstsHeaderWriter

If true, preload will be included in HSTS Header.

setPreload(boolean) - Method in class org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter

Sets if preload should be included.

setPrincipalClaimName(String) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter

Sets the principal claim name.

setPrincipalClaimName(String) - Method in class org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverter

Sets the principal claim name.

setPrincipalEnvironmentVariable(String) - Method in class org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter

setPrincipalExtractor(X509PrincipalExtractor) - Method in class org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter

setPrincipalRequestHeader(String) - Method in class org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter

setPrincipalResolver(OAuth2ClientHttpRequestInterceptor.PrincipalResolver) - Method in class org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor

Sets the strategy for resolving a principal from an intercepted request.

setProcessConfigAttribute(String) - Method in class org.springframework.security.acls.afterinvocation.AbstractAclProvider

setProcessDomainObjectClass(Class<?>) - Method in class org.springframework.security.access.vote.AbstractAclVoter

Deprecated.

setProcessDomainObjectClass(Class<?>) - Method in class org.springframework.security.acls.afterinvocation.AbstractAclProvider

setProperty(String) - Method in class org.springframework.security.taglibs.authz.AuthenticationTag

setProtectedFieldValue(String, Object, Object) - Static method in class org.springframework.security.util.FieldUtils

setProviders(List<?>) - Method in class org.springframework.security.access.intercept.AfterInvocationProviderManager

Deprecated.

setProxyAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter

Sets the AuthenticationFailureHandler for proxy requests.

setProxyGrantingTicketStorage(ProxyGrantingTicketStorage) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter

setProxyReceptorUrl(String) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter

setPseudoRandomNumberBytes(int) - Method in class org.springframework.security.core.token.KeyBasedPersistenceTokenService

setPublishAuthorizationSuccess(boolean) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor

Deprecated.

Only AuthorizationFailureEvent will be published.

setQuery(String) - Method in class org.springframework.security.web.util.RedirectUrlBuilder

setQueryString(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder

setRealm(String) - Method in class org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint

Sets the realm to be used

setRealmName(String) - Method in class org.springframework.security.oauth2.server.resource.web.access.BearerTokenAccessDeniedHandler

Set the default realm name to use in the bearer token error response

setRealmName(String) - Method in class org.springframework.security.oauth2.server.resource.web.access.server.BearerTokenServerAccessDeniedHandler

Set the default realm name to use in the bearer token error response

setRealmName(String) - Method in class org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint

Set the default realm name to use in the bearer token error response

setRealmName(String) - Method in class org.springframework.security.oauth2.server.resource.web.server.BearerTokenServerAuthenticationEntryPoint

setRealmName(String) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint

setRealmName(String) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint

setRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint

Sets the RedirectStrategy to use

setRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter

Set the RedirectStrategy used to redirect to the saved request if there is one saved.

setRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint

Sets the strategy to be used for redirecting to the required channel URL.

setRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler

Allows overriding of the behaviour when redirecting to a target URL.

setRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler

Allows overriding of the behaviour when redirecting to a target URL.

setRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.web.session.ConcurrentSessionFilter

Deprecated.

use ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy) instead.

setRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.web.session.RequestedUrlRedirectInvalidSessionStrategy

Sets the redirect strategy to use.

setRedirectStrategy(ServerRedirectStrategy) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint

Sets the RedirectStrategy to use.

setRedirectStrategy(ServerRedirectStrategy) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationFailureHandler

Sets the RedirectStrategy to use.

setRedirectStrategy(ServerRedirectStrategy) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler

The RedirectStrategy to use.

setRedirectUrl(String) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest

setRefreshConfigurationOnStartup(boolean) - Method in class org.springframework.security.authentication.jaas.JaasAuthenticationProvider

If set, a call to Configuration#refresh() will be made by #configureJaas(Resource) method.

setRejectPublicInvocations(boolean) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor

Deprecated.

By rejecting public invocations (and setting this property to true), essentially you are ensuring that every secure object invocation advised by AbstractSecurityInterceptor has a configuration attribute defined.

setRelyingPartyRegistrationId(String) - Method in class org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal

setRememberMeClass(Class<? extends Authentication>) - Method in class org.springframework.security.authentication.AuthenticationTrustResolverImpl

setRememberMeParameter(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

setRememberMeServices(RememberMeServices) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

setRememberMeServices(RememberMeServices) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter

setRenameGroupSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

setReportOnly(boolean) - Method in class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter

If true, includes the Content-Security-Policy-Report-Only header in the response, otherwise, defaults to the Content-Security-Policy header.

setReportOnly(boolean) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter

Deprecated.

To get a Public-Key-Pins header you should set this to false, otherwise the header will be Public-Key-Pins-Report-Only.

setReportOnly(boolean) - Method in class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter

Set whether to include the Content-Security-Policy-Report-Only header in the response.

setReportUri(String) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter

Deprecated.

Sets the URI to which the browser should report pin validation failures.

setReportUri(URI) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter

Deprecated.

Sets the URI to which the browser should report pin validation failures.

setRequest(HttpServletRequest) - Method in class org.springframework.security.web.context.HttpRequestResponseHolder

Deprecated.

setRequestCache(RequestCache) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter

The RequestCache used to retrieve the saved request in failed gateway authentication scenarios.

setRequestCache(RequestCache) - Method in class org.springframework.security.cas.web.CasGatewayAuthenticationRedirectFilter

Sets the RequestCache used to store the current request to be replayed after redirect from the CAS server.

setRequestCache(RequestCache) - Method in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter

Sets the RequestCache used for loading a previously saved request (if available) and replaying it after completing the processing of the OAuth 2.0 Authorization Response.

setRequestCache(RequestCache) - Method in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter

Sets the RequestCache used for storing the current request before redirecting the OAuth 2.0 Authorization Request.

setRequestCache(RequestCache) - Method in class org.springframework.security.web.authentication.HttpMessageConverterAuthenticationSuccessHandler

Sets the RequestCache to use.

setRequestCache(RequestCache) - Method in class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler

setRequestCache(ServerRequestCache) - Method in class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationCodeGrantWebFilter

Sets the ServerRequestCache used for loading a previously saved request (if available) and replaying it after completing the processing of the OAuth 2.0 Authorization Response.

setRequestCache(ServerRequestCache) - Method in class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter

The request cache to use to save the request before sending a redirect.

setRequestCache(ServerRequestCache) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint

The request cache to use to save the request before sending a redirect.

setRequestCache(ServerRequestCache) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler

Sets the ServerRequestCache used to redirect to.

setRequestCache(ServerRequestCache) - Method in class org.springframework.security.web.server.savedrequest.ServerRequestCacheWebFilter

setRequestEntityConverter(Converter<String, RequestEntity<?>>) - Method in class org.springframework.security.oauth2.server.resource.introspection.NimbusOpaqueTokenIntrospector

Deprecated.

Sets the Converter used for converting the OAuth 2.0 access token to a RequestEntity representation of the OAuth 2.0 token introspection request.

setRequestEntityConverter(Converter<String, RequestEntity<?>>) - Method in class org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector

Sets the Converter used for converting the OAuth 2.0 access token to a RequestEntity representation of the OAuth 2.0 token introspection request.

setRequestEntityConverter(Converter<JwtBearerGrantRequest, RequestEntity<?>>) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultJwtBearerTokenResponseClient

Deprecated.

Sets the Converter used for converting the JwtBearerGrantRequest to a RequestEntity representation of the OAuth 2.0 Access Token Request.

setRequestEntityConverter(Converter<OAuth2AuthorizationCodeGrantRequest, RequestEntity<?>>) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient

Deprecated.

Sets the Converter used for converting the OAuth2AuthorizationCodeGrantRequest to a RequestEntity representation of the OAuth 2.0 Access Token Request.

setRequestEntityConverter(Converter<OAuth2ClientCredentialsGrantRequest, RequestEntity<?>>) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultClientCredentialsTokenResponseClient

Deprecated.

Sets the Converter used for converting the OAuth2ClientCredentialsGrantRequest to a RequestEntity representation of the OAuth 2.0 Access Token Request.

setRequestEntityConverter(Converter<OAuth2PasswordGrantRequest, RequestEntity<?>>) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultPasswordTokenResponseClient

Deprecated.

Sets the Converter used for converting the OAuth2PasswordGrantRequest to a RequestEntity representation of the OAuth 2.0 Access Token Request.

setRequestEntityConverter(Converter<OAuth2RefreshTokenGrantRequest, RequestEntity<?>>) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultRefreshTokenTokenResponseClient

Deprecated.

Sets the Converter used for converting the OAuth2RefreshTokenGrantRequest to a RequestEntity representation of the OAuth 2.0 Access Token Request.

setRequestEntityConverter(Converter<TokenExchangeGrantRequest, RequestEntity<?>>) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultTokenExchangeTokenResponseClient

Deprecated.

Sets the Converter used for converting the TokenExchangeGrantRequest to a RequestEntity representation of the OAuth 2.0 Access Token Request.

setRequestEntityConverter(Converter<OAuth2UserRequest, RequestEntity<?>>) - Method in class org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService

Sets the Converter used for converting the OAuth2UserRequest to a RequestEntity representation of the UserInfo Request.

setRequestHandler(CsrfTokenRequestHandler) - Method in class org.springframework.security.web.csrf.CsrfAuthenticationStrategy

Specify a CsrfTokenRequestHandler to use for making the CsrfToken available as a request attribute.

setRequestHandler(CsrfTokenRequestHandler) - Method in class org.springframework.security.web.csrf.CsrfFilter

Specifies a CsrfTokenRequestHandler that is used to make the CsrfToken available as a request attribute.

setRequestHandler(ServerCsrfTokenRequestHandler) - Method in class org.springframework.security.web.server.csrf.CsrfWebFilter

Specifies a ServerCsrfTokenRequestHandler that is used to make the CsrfToken available as an exchange attribute.

setRequestMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.authentication.ott.GenerateOneTimeTokenWebFilter

Use the given ServerWebExchangeMatcher to match the request.

setRequestMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.ui.OneTimeTokenSubmitPageGeneratingWebFilter

Use this ServerWebExchangeMatcher to choose whether this filter will handle the request.

setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.cas.web.CasGatewayAuthenticationRedirectFilter

Sets the RequestMatcher used to trigger this filter.

setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.saml2.provider.service.web.metadata.RequestMatcherMetadataResponseResolver

Use this RequestMatcher to identity which requests to generate metadata for.

setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter

Set the RequestMatcher that determines whether this filter should handle the incoming HttpServletRequest

setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.AuthenticationFilter

setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.ott.GenerateOneTimeTokenFilter

Use the given RequestMatcher to match the request.

setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.ui.DefaultOneTimeTokenSubmitPageGeneratingFilter

Use this RequestMatcher to choose whether this filter will handle the request.

setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.header.writers.HstsHeaderWriter

Sets the RequestMatcher used to determine if the "Strict-Transport-Security" should be added.

setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.savedrequest.CookieRequestCache

Allows selective use of saved requests for a subset of requests.

setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache

Allows selective use of saved requests for a subset of requests.

setRequestOptionsRepository(PublicKeyCredentialRequestOptionsRepository) - Method in class org.springframework.security.web.webauthn.authentication.PublicKeyCredentialRequestOptionsFilter

Sets the PublicKeyCredentialRequestOptionsRepository to use.

setRequestOptionsRepository(PublicKeyCredentialRequestOptionsRepository) - Method in class org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationFilter

Sets the PublicKeyCredentialRequestOptionsRepository to use.

setRequestRejectedHandler(RequestRejectedHandler) - Method in class org.springframework.security.web.FilterChainProxy

Sets the RequestRejectedHandler to be used for requests rejected by the firewall.

setRequestTransformer(AuthorizationManagerWebInvocationPrivilegeEvaluator.HttpServletRequestTransformer) - Method in class org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator

Set a AuthorizationManagerWebInvocationPrivilegeEvaluator.HttpServletRequestTransformer to be used prior to passing to the AuthorizationManager.

setRequestURI(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder

setRequestURL(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder

setRequireCsrfProtectionMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.csrf.CsrfWebFilter

setRequireCsrfProtectionMatcher(RequestMatcher) - Method in class org.springframework.security.web.csrf.CsrfFilter

Specifies a RequestMatcher that is used to determine if CSRF protection should be applied.

setRequiresAuthenticationMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter

Sets the matcher used to determine when creating an Authentication from AuthenticationWebFilter.setServerAuthenticationConverter(ServerAuthenticationConverter) to be authentication.

setRequiresAuthenticationRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

setRequiresAuthenticationRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter

Sets the request matcher to check whether to proceed the request further.

setRequiresHttpsRedirectMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.transport.HttpsRedirectWebFilter

Use this ServerWebExchangeMatcher to narrow which requests are redirected to HTTPS.

setRequiresLogoutMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.authentication.logout.LogoutWebFilter

setResolveHeaders(Function<HttpServletRequest, Map<String, String>>) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

Sets a Function used to resolve a Map of the HTTP headers where the key is the name of the header and the value is the value of the header.

setResolveHiddenInputs(Function<HttpServletRequest, Map<String, String>>) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

Sets a Function used to resolve a Map of the hidden inputs where the key is the name of the input and the value is the value of the input.

setResolveHiddenInputs(Function<HttpServletRequest, Map<String, String>>) - Method in class org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter

Sets a Function used to resolve a Map of the hidden inputs where the key is the name of the input and the value is the value of the input.

setResolveHiddenInputs(Function<HttpServletRequest, Map<String, String>>) - Method in class org.springframework.security.web.authentication.ui.DefaultOneTimeTokenSubmitPageGeneratingFilter

Sets a Function used to resolve a Map of the hidden inputs where the key is the name of the input and the value is the value of the input.

setResource(Resource) - Method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean

Sets a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.

setResource(Resource) - Method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean

Sets a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.

setResource(Resource) - Method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean

Sets a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.

setResourceLoader(ResourceLoader) - Method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean

setResourceLoader(ResourceLoader) - Method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean

setResourceLoader(ResourceLoader) - Method in class org.springframework.security.config.crypto.RsaKeyConversionServicePostProcessor

setResourceLoader(ResourceLoader) - Method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean

setResourceLoader(ResourceLoader) - Method in class org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever

setResourceLocation(String) - Method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean

Sets the location of a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.

setResourceLocation(String) - Method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean

Sets the location of a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.

setResourceLocation(String) - Method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean

Sets the location of a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.

setResponse(HttpServletResponse) - Method in class org.springframework.security.web.context.HttpRequestResponseHolder

Deprecated.

setRestClient(RestClient) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractRestClientOAuth2AccessTokenResponseClient

Sets the RestClient used when requesting the OAuth 2.0 Access Token Response.

setRestClient(RestClient) - Method in class org.springframework.security.web.authentication.password.HaveIBeenPwnedRestApiPasswordChecker

Sets the RestClient to use when making requests to Have I Been Pwned REST API.

setRestOperations(RestOperations) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient

Deprecated.

Sets the RestOperations used when requesting the OAuth 2.0 Access Token Response.

setRestOperations(RestOperations) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultClientCredentialsTokenResponseClient

Deprecated.

Sets the RestOperations used when requesting the OAuth 2.0 Access Token Response.

setRestOperations(RestOperations) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultJwtBearerTokenResponseClient

Deprecated.

Sets the RestOperations used when requesting the OAuth 2.0 Access Token Response.

setRestOperations(RestOperations) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultPasswordTokenResponseClient

Deprecated.

Sets the RestOperations used when requesting the OAuth 2.0 Access Token Response.

setRestOperations(RestOperations) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultRefreshTokenTokenResponseClient

Deprecated.

Sets the RestOperations used when requesting the OAuth 2.0 Access Token Response.

setRestOperations(RestOperations) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultTokenExchangeTokenResponseClient

Deprecated.

Sets the RestOperations used when requesting the OAuth 2.0 Access Token Response.

setRestOperations(RestOperations) - Method in class org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService

Sets the RestOperations used when requesting the UserInfo resource.

setRethrowAuthenticationServiceException(boolean) - Method in class org.springframework.security.web.authentication.AuthenticationEntryPointFailureHandler

Set whether to rethrow AuthenticationServiceExceptions (defaults to true)

setRethrowAuthenticationServiceException(boolean) - Method in class org.springframework.security.web.server.authentication.ServerAuthenticationEntryPointFailureHandler

Set whether to rethrow AuthenticationServiceExceptions (defaults to true)

setRetrieveUserInfo(Predicate<OidcUserRequest>) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcReactiveOAuth2UserService

Sets the Predicate used to determine if the UserInfo Endpoint should be called to retrieve information about the End-User (Resource Owner).

setRetrieveUserInfo(Predicate<OidcUserRequest>) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService

Sets the Predicate used to determine if the UserInfo Endpoint should be called to retrieve information about the End-User (Resource Owner).

setReturningAttributes(String[]) - Method in class org.springframework.security.ldap.search.FilterBasedLdapUserSearch

Specifies the attributes that will be returned as part of the search.

setReturnObject(Object) - Method in interface org.springframework.security.access.expression.method.MethodSecurityExpressionOperations

setReturnObject(Object, EvaluationContext) - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler

setReturnObject(Object, EvaluationContext) - Method in interface org.springframework.security.access.expression.method.MethodSecurityExpressionHandler

Used to inform the expression system of the return object for the given evaluation context.

setRoleAttributes(String[]) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper

The names of any attributes in the user's entry which represent application roles.

setRoleHierarchy(RoleHierarchy) - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler

setRoleHierarchy(RoleHierarchy) - Method in class org.springframework.security.access.expression.SecurityExpressionRoot

setRoleHierarchy(RoleHierarchy) - Method in class org.springframework.security.acls.domain.AclAuthorizationStrategyImpl

Sets the RoleHierarchy to use.

setRoleHierarchy(RoleHierarchy) - Method in class org.springframework.security.authorization.AuthoritiesAuthorizationManager

Sets the RoleHierarchy to be used.

setRoleHierarchy(RoleHierarchy) - Method in class org.springframework.security.authorization.AuthorityAuthorizationManager

Sets the RoleHierarchy to be used.

setRoleHierarchy(RoleHierarchy) - Method in class org.springframework.security.data.repository.query.SecurityEvaluationContextExtension

Sets the RoleHierarchy to be used.

setRoleMapper(AttributesMapper) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager

setRolePrefix(String) - Method in class org.springframework.security.access.intercept.RunAsManagerImpl

Deprecated.

Allows the default role prefix of ROLE_ to be overridden.

setRolePrefix(String) - Method in class org.springframework.security.access.vote.RoleVoter

Deprecated.

Allows the default role prefix of ROLE_ to be overridden.

setRolePrefix(String) - Method in class org.springframework.security.authorization.method.Jsr250AuthorizationManager

Sets the role prefix.

setRolePrefix(String) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl

Allows a default role prefix to be specified.

setRolePrefix(String) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator

Sets the prefix which will be prepended to the values loaded from the directory.

setRolePrefix(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager

Sets the role prefix used when converting authorities.

setRolePrefix(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper

The prefix that should be applied to the role names

setRolePrefix(String) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter

setRoomNumber(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence

setRoot(String) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean

Optional root suffix for the embedded LDAP server.

setRunAsManager(RunAsManager) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor

Deprecated.

setSaml2AuthenticationUrlToProviderName(Map<String, String>) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

setSaml2LoginEnabled(boolean) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

setSaveRequestMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.savedrequest.CookieServerRequestCache

Sets the matcher to determine if the request should be saved.

setSaveRequestMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache

Sets the matcher to determine if the request should be saved.

setScheduler(Scheduler) - Method in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager

Sets the Scheduler used by the UserDetailsRepositoryReactiveAuthenticationManager.

setScheduler(Scheduler) - Method in class org.springframework.security.authentication.ReactiveAuthenticationManagerAdapter

Set a scheduler that will be published on to perform the authentication logic.

setScheme(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder

setScheme(String) - Method in class org.springframework.security.web.util.RedirectUrlBuilder

setScope(String) - Method in class org.springframework.security.taglibs.authz.AuthenticationTag

setSearchControls(SearchControls) - Method in class org.springframework.security.ldap.SpringSecurityLdapTemplate

Sets the search controls which will be used for search operations by the template.

setSearchFilter(String) - Method in class org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider

The LDAP filter string to search for the user being authenticated.

setSearchSubtree(boolean) - Method in class org.springframework.security.ldap.search.FilterBasedLdapUserSearch

If true then searches the entire subtree as identified by context, if false (the default) then only searches the level identified by the context.

setSearchSubtree(boolean) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator

If set to true, a subtree scope search will be performed.

setSearchTimeLimit(int) - Method in class org.springframework.security.ldap.search.FilterBasedLdapUserSearch

The time to wait before the search fails; the default is zero, meaning forever.

setSecure(boolean) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository

Deprecated.

Use CookieServerCsrfTokenRepository.setCookieCustomizer(Consumer) instead.

setSecure(Boolean) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository

Deprecated.

Use CookieCsrfTokenRepository.setCookieCustomizer(Consumer) instead.

setSecureKeyword(String) - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor

setSecureRandom(SecureRandom) - Method in class org.springframework.security.core.token.KeyBasedPersistenceTokenService

setSecureRandom(SecureRandom) - Method in class org.springframework.security.web.csrf.XorCsrfTokenRequestAttributeHandler

Specifies the SecureRandom used to generate random bytes that are used to mask the value of the CsrfToken on each request.

setSecureRandom(SecureRandom) - Method in class org.springframework.security.web.server.csrf.XorServerCsrfTokenRequestAttributeHandler

Specifies the SecureRandom used to generate random bytes that are used to mask the value of the CsrfToken on each request.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor

Deprecated.

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.acls.domain.AclAuthorizationStrategyImpl

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.authentication.jaas.SecurityContextLoginModule

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextCallable

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutor

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextRunnable

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.SecuredAuthorizationMethodInterceptor

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.data.repository.query.SecurityEvaluationContextExtension

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.ldap.authentication.SpringSecurityAuthenticationSource

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.messaging.access.intercept.AuthorizationChannelInterceptor

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.messaging.context.AuthenticationPrincipalArgumentResolver

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.messaging.context.SecurityContextChannelInterceptor

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.messaging.context.SecurityContextPropagationChannelInterceptor

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.oauth2.client.web.method.annotation.OAuth2AuthorizedClientArgumentResolver

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.provisioning.InMemoryUserDetailsManager

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestFilter

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.authentication.AuthenticationFilter

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.authentication.logout.LogoutFilter

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.context.NullSecurityContextRepository

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.context.request.async.SecurityContextCallableProcessingInterceptor

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.context.RequestAttributeSecurityContextRepository

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper

Deprecated.

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.context.SecurityContextHolderFilter

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.context.SecurityContextPersistenceFilter

Deprecated.

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.FilterChainProxy

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.jaasapi.JaasApiIntegrationFilter

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.method.annotation.CurrentSecurityContextArgumentResolver

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.session.ConcurrentSessionFilter

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.session.SessionManagementFilter

Sets the SecurityContextHolderStrategy to use.

setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.webauthn.authentication.PublicKeyCredentialRequestOptionsFilter

Sets the SecurityContextHolderStrategy to use.

setSecurityContextRepository(HttpServletRequest, SecurityContextRepository) - Static method in class org.springframework.security.test.web.support.WebTestUtils

Sets the SecurityContextRepository for the specified HttpServletRequest.

setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter

setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter

Sets the SecurityContextRepository to save the SecurityContext on authentication success.

setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Sets the SecurityContextRepository to save the SecurityContext on authentication success.

setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.web.authentication.AuthenticationFilter

Sets the SecurityContextRepository to save the SecurityContext on authentication success.

setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler

Sets the SecurityContextRepository to use.

setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter

Sets the SecurityContextRepository to save the SecurityContext on authentication success.

setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter

Sets the SecurityContextRepository to save the SecurityContext on authentication success.

setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

Sets the SecurityContextRepository to save the SecurityContext on switch user success.

setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter

Sets the SecurityContextRepository to save the SecurityContext on authentication success.

setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter

Sets the SecurityContextRepository to save the SecurityContext on authentication success.

setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter

Sets the SecurityContextRepository to use.

setSecurityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter

Sets the repository for persisting the SecurityContext.

setSecurityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.web.server.authentication.logout.SecurityContextServerLogoutHandler

Sets the ServerSecurityContextRepository that should be used for logging out.

setSecurityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter

Sets the repository for persisting the SecurityContext.

setSecurityInterceptor(AbstractSecurityInterceptor) - Method in class org.springframework.security.access.intercept.MethodInvocationPrivilegeEvaluator

Deprecated.

setSecurityMetadataSource(MethodSecurityMetadataSource) - Method in class org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor

Deprecated.

setSecurityMetadataSource(FilterInvocationSecurityMetadataSource) - Method in class org.springframework.security.web.access.channel.ChannelProcessingFilter

setSecurityMetadataSource(FilterInvocationSecurityMetadataSource) - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor

Deprecated.

setSeed(Resource) - Method in class org.springframework.security.core.token.SecureRandomFactoryBean

Allows the user to specify a resource which will act as a seed for the SecureRandom instance.

setSelectClause(String) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy

The SQL for the select clause.

setSendRenew(boolean) - Method in class org.springframework.security.cas.ServiceProperties

setSeriesLength(int) - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices

setServerAuthenticationConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter

Sets the strategy used for converting from a ServerWebExchange to an Authentication used for authenticating with the provided ReactiveAuthenticationManager.

setServerInteger(Integer) - Method in class org.springframework.security.core.token.KeyBasedPersistenceTokenService

setServerName(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder

setServerName(String) - Method in class org.springframework.security.web.util.RedirectUrlBuilder

setServerPort(int) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder

setServerSecret(String) - Method in class org.springframework.security.core.token.KeyBasedPersistenceTokenService

setService(String) - Method in class org.springframework.security.cas.ServiceProperties

setServiceParameter(String) - Method in class org.springframework.security.cas.ServiceProperties

setServiceProperties(ServiceProperties) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider

setServiceProperties(ServiceProperties) - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint

setServiceProperties(ServiceProperties) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter

setServletContext(ServletContext) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity

setServletContext(ServletContext) - Method in class org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator

setServletContext(ServletContext) - Method in class org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator

Deprecated.

setServletContext(ServletContext) - Method in class org.springframework.security.web.access.RequestMatcherDelegatingWebInvocationPrivilegeEvaluator

setServletPath(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder

setServletPath(String) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher

The servlet path to match on.

setServletPath(String) - Method in class org.springframework.security.web.util.RedirectUrlBuilder

setSessionAttributeName(String) - Method in class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository

Sets the HttpSession attribute name that the CsrfToken is stored in

setSessionAttributeName(String) - Method in class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository

Sets the HttpSession attribute name that the CsrfToken is stored in

setSessionAttrName(String) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache

If the sessionAttrName property is set, the request is stored in the session using this attribute name.

setSessionAuthenticationStrategy(SessionAuthenticationStrategy) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

The session handling strategy which will be invoked immediately after an authentication request is successfully processed by the AuthenticationManager.

setSessionAuthenticationStrategy(SessionAuthenticationStrategy) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter

The session handling strategy which will be invoked immediately after an authentication request is successfully processed by the AuthenticationManager.

setSessionCookieName(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcBackChannelLogoutHandler

Use this cookie name for the session identifier.

setSessionCookieName(String) - Method in class org.springframework.security.config.web.server.OidcBackChannelServerLogoutHandler

Use this cookie name for the session identifier.

setSessionLimit(SessionLimit) - Method in class org.springframework.security.web.server.authentication.ConcurrentSessionControlServerAuthenticationSuccessHandler

Sets the strategy used to resolve the maximum number of sessions that are allowed for a specific Authentication.

setSharedObject(Class<C>, C) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Sets an object that is shared by multiple SecurityConfigurer.

setSharedObject(Class<C>, C) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

setSharedObject(Class<C>, C) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder

Sets an object that is shared by multiple SecurityConfigurer.

setShouldFilterAllDispatcherTypes(boolean) - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter

Deprecated, for removal: This API element is subject to removal in a future version.

Permit access to the DispatcherType instead.

 @Configuration
 @EnableWebSecurity
 public class SecurityConfig {

        @Bean
        public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
                http
                        .authorizeHttpRequests((authorize) -> authorize
                                .dispatcherTypeMatchers(DispatcherType.ERROR).permitAll()
                                // ...
                        );
                return http.build();
        }
 }
 

setShouldWriteHeadersEagerly(boolean) - Method in class org.springframework.security.web.header.HeaderWriterFilter

Allow writing headers at the beginning of the request.

setSidIdentityQuery(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService

Sets the query that will be used to retrieve the identity of a newly created row in the acl_sid table.

setSidPrimaryKeyQuery(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService

setSidRetrievalStrategy(SidRetrievalStrategy) - Method in class org.springframework.security.acls.AclEntryVoter

setSidRetrievalStrategy(SidRetrievalStrategy) - Method in class org.springframework.security.acls.AclPermissionCacheOptimizer

setSidRetrievalStrategy(SidRetrievalStrategy) - Method in class org.springframework.security.acls.AclPermissionEvaluator

setSidRetrievalStrategy(SidRetrievalStrategy) - Method in class org.springframework.security.acls.afterinvocation.AbstractAclProvider

setSidRetrievalStrategy(SidRetrievalStrategy) - Method in class org.springframework.security.acls.domain.AclAuthorizationStrategyImpl

setSn(String) - Method in class org.springframework.security.ldap.userdetails.Person.Essence

setSpringSecurityContextAttrName(String) - Method in class org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository

Sets the session attribute name used to save and load the SecurityContext

setSpringSecurityContextKey(String) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository

Allows the session attribute name to be customized for this repository instance.

setStatelessTicketCache(StatelessTicketCache) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider

setStatusCode(HttpStatus) - Method in class org.springframework.security.web.DefaultRedirectStrategy

Sets the HTTP status code to use.

setStrategyName(String) - Static method in class org.springframework.security.core.context.SecurityContextHolder

Changes the preferred strategy.

setStreet(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence

setStringSeparator(String) - Method in class org.springframework.security.core.authority.mapping.MapBasedAttributes2GrantedAuthoritiesMapper

setSubjectDnRegex(String) - Method in class org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor

Sets the regular expression which will by used to extract the user name from the certificate's Subject DN.

setSubjectTokenResolver(Function<OAuth2AuthorizationContext, OAuth2Token>) - Method in class org.springframework.security.oauth2.client.TokenExchangeOAuth2AuthorizedClientProvider

Sets the resolver used for resolving the subject token.

setSubjectTokenResolver(Function<OAuth2AuthorizationContext, Mono<OAuth2Token>>) - Method in class org.springframework.security.oauth2.client.TokenExchangeReactiveOAuth2AuthorizedClientProvider

Sets the resolver used for resolving the subject token.

setSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.web.authentication.AuthenticationFilter

setSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

Used to define custom behaviour on a successful switch or exit user.

setSwitchAuthorityRole(String) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

Allows the role of the switchAuthority to be customized.

setSwitchFailureUrl(String) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

Sets the URL to which a user should be redirected if the switch fails.

setSwitchUserAuthorityChanger(SwitchUserAuthorityChanger) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

setSwitchUserMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter

Set the matcher to respond to switch user processing.

setSwitchUserMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

Set the matcher to respond to switch user processing.

setSwitchUserUrl(String) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

Set the URL to respond to switch user processing.

setSwitchUserUrl(String) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter

Set the URL to respond to switch user processing.

setTargetUrl(String) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

Sets the URL to go to after a successful switch / exit user request.

setTargetUrlParameter(String) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler

If this property is set, the current request will be checked for this a parameter with this name and the value used as the target URL if present.

setTargetVisitor(AuthorizationAdvisorProxyFactory.TargetVisitor) - Method in class org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory

Use this visitor to navigate the proxy target's hierarchy.

setTelephoneNumber(String) - Method in class org.springframework.security.ldap.userdetails.Person.Essence

setTemplateDefaults(PrePostTemplateDefaults) - Method in class org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager

Deprecated.

Please use PostAuthorizeAuthorizationManager.setTemplateDefaults(AnnotationTemplateExpressionDefaults) instead

setTemplateDefaults(PrePostTemplateDefaults) - Method in class org.springframework.security.authorization.method.PostAuthorizeReactiveAuthorizationManager

Configure pre/post-authorization template resolution

setTemplateDefaults(PrePostTemplateDefaults) - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor

Deprecated.

Please use AnnotationTemplateExpressionDefaults instead

setTemplateDefaults(PrePostTemplateDefaults) - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationReactiveMethodInterceptor

Configure pre/post-authorization template resolution

setTemplateDefaults(PrePostTemplateDefaults) - Method in class org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager

Deprecated.

Please use PreAuthorizeAuthorizationManager.setTemplateDefaults(AnnotationTemplateExpressionDefaults) instead

setTemplateDefaults(PrePostTemplateDefaults) - Method in class org.springframework.security.authorization.method.PreAuthorizeReactiveAuthorizationManager

Configure pre/post-authorization template resolution

setTemplateDefaults(PrePostTemplateDefaults) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor

Deprecated.

Please use PreFilterAuthorizationMethodInterceptor.setTemplateDefaults(AnnotationTemplateExpressionDefaults) instead

setTemplateDefaults(PrePostTemplateDefaults) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor

Configure pre/post-authorization template resolution

setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager

Configure pre/post-authorization template resolution

setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.authorization.method.PostAuthorizeReactiveAuthorizationManager

Configure pre/post-authorization template resolution

setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor

Configure pre/post-authorization template resolution

setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationReactiveMethodInterceptor

Configure pre/post-authorization template resolution

setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager

Configure pre/post-authorization template resolution

setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.authorization.method.PreAuthorizeReactiveAuthorizationManager

Configure pre/post-authorization template resolution

setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor

Configure pre/post-authorization template resolution

setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor

Configure pre/post-authorization template resolution

setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.messaging.context.AuthenticationPrincipalArgumentResolver

Configure AuthenticationPrincipal template resolution

setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.messaging.handler.invocation.reactive.AuthenticationPrincipalArgumentResolver

Configure AuthenticationPrincipal template resolution

setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.messaging.handler.invocation.reactive.CurrentSecurityContextArgumentResolver

Configure CurrentSecurityContext template resolution

setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver

Configure AuthenticationPrincipal template resolution

setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.web.method.annotation.CurrentSecurityContextArgumentResolver

Configure CurrentSecurityContext template resolution

setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver

Configure AuthenticationPrincipal template resolution

setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.web.reactive.result.method.annotation.CurrentSecurityContextArgumentResolver

Configure CurrentSecurityContext template resolution

setThrowableAnalyzer(ThrowableAnalyzer) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter

setThrowExceptionWhenTokenRejected(boolean) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider

If true, causes the provider to throw a BadCredentialsException if the presented authentication request is invalid (contains a null principal or credentials).

setTicketValidator(TicketValidator) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider

setTimeBeforeExpiration(int) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence

setTitle(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence

setTokenFromMultipartDataEnabled(boolean) - Method in class org.springframework.security.web.server.csrf.ServerCsrfTokenRequestAttributeHandler

Specifies if the ServerCsrfTokenRequestResolver should try to resolve the actual CSRF token from the body of multipart data requests.

setTokenLength(int) - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices

setTokenValiditySeconds(int) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

setTokenValiditySeconds(int) - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices

setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler

Sets the AuthenticationTrustResolver to be used.

setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.access.expression.SecurityExpressionRoot

setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.authorization.AuthenticatedAuthorizationManager

Sets the AuthenticationTrustResolver to be used.

setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.data.repository.query.SecurityEvaluationContextExtension

Sets the AuthenticationTrustResolver to be used.

setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.messaging.access.expression.DefaultMessageSecurityExpressionHandler

setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler

Sets the AuthenticationTrustResolver to be used.

setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler

Sets the AuthenticationTrustResolver to be used.

setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository

Sets the AuthenticationTrustResolver to be used.

setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter

Sets the AuthenticationTrustResolver to be used.

setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.web.session.SessionManagementFilter

Sets the AuthenticationTrustResolver to be used.

setUid(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence

setUnsafeAllowAnyHttpMethod(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall

Sets if any HTTP method is allowed.

setUnsafeAllowAnyHttpMethod(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

Sets if any HTTP method is allowed.

setup() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec

setup() - Static method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatchers

SETUP - Enum constant in enum class org.springframework.security.rsocket.api.PayloadExchangeType

The Setup.

setupBefore() - Element in annotation interface org.springframework.security.test.context.support.WithAnonymousUser

Determines when the SecurityContext is setup.

setupBefore() - Element in annotation interface org.springframework.security.test.context.support.WithMockUser

Determines when the SecurityContext is setup.

setupBefore() - Element in annotation interface org.springframework.security.test.context.support.WithSecurityContext

Determines when the SecurityContext is setup.

setupBefore() - Element in annotation interface org.springframework.security.test.context.support.WithUserDetails

Determines when the SecurityContext is setup.

setUpdateObjectIdentity(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService

setUpdateUserSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

setupModule(Module.SetupContext) - Method in class org.springframework.security.cas.jackson2.CasJackson2Module

setupModule(Module.SetupContext) - Method in class org.springframework.security.jackson2.CoreJackson2Module

setupModule(Module.SetupContext) - Method in class org.springframework.security.ldap.jackson2.LdapJackson2Module

setupModule(Module.SetupContext) - Method in class org.springframework.security.oauth2.client.jackson2.OAuth2ClientJackson2Module

setupModule(Module.SetupContext) - Method in class org.springframework.security.saml2.jackson2.Saml2Jackson2Module

setupModule(Module.SetupContext) - Method in class org.springframework.security.web.jackson2.WebJackson2Module

setupModule(Module.SetupContext) - Method in class org.springframework.security.web.jackson2.WebServletJackson2Module

setupModule(Module.SetupContext) - Method in class org.springframework.security.web.server.jackson2.WebServerJackson2Module

setupModule(Module.SetupContext) - Method in class org.springframework.security.web.webauthn.jackson.WebauthnJackson2Module

setUrl(String) - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag

setUseAuthenticationRequestCredentials(boolean) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider

Determines whether the supplied password will be used as the credentials in the successful authentication token.

setUseEquals(boolean) - Method in class org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher

If set to true, matches on exact MediaType, else uses MediaType.isCompatibleWith(MediaType).

setUseEquals(boolean) - Method in class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher

If set to true, matches on exact MediaType, else uses MediaType.isCompatibleWith(MediaType).

setUseForward(boolean) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint

Tells if we are to do a forward to the loginFormUrl using the RequestDispatcher, instead of a 302 redirect.

setUseForward(boolean) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler

If set to true, performs a forward to the failure destination URL instead of a redirect.

setUsePasswordAttrCompare(boolean) - Method in class org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator

setUsePasswordModifyExtensionOperation(boolean) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager

Sets the method by which a user's password gets modified.

setUserAttributes(String[]) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator

Sets the user attributes which will be retrieved from the directory.

setUserCache(UserCache) - Method in class org.springframework.security.authentication.CachingUserDetailsService

setUserCache(UserCache) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

setUserCache(UserCache) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

Optionally sets the UserCache if one is in use in the application.

setUserCache(UserCache) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter

setUserDetailsChecker(UserDetailsChecker) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider

Sets the UserDetailsChecker to be used for checking the status of retrieved user details.

setUserDetailsChecker(UserDetailsChecker) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider

Sets the strategy which will be used to validate the loaded UserDetails object for the user.

setUserDetailsChecker(UserDetailsChecker) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

Sets the strategy to be used to validate the UserDetails object obtained for the user when processing a remember-me cookie to automatically log in a user.

setUserDetailsChecker(UserDetailsChecker) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

Sets the UserDetailsChecker that is called on the target user whenever the user is switched.

setUserDetailsContextMapper(UserDetailsContextMapper) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory

Sets a custom strategy to be used for creating the UserDetails which will be stored as the principal in the Authentication.

setUserDetailsContextMapper(UserDetailsContextMapper) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider

Allows a custom strategy to be used for creating the UserDetails which will be stored as the principal in the Authentication returned by the AbstractLdapAuthenticationProvider.createSuccessfulAuthentication(org.springframework.security.authentication.UsernamePasswordAuthenticationToken, org.springframework.security.core.userdetails.UserDetails) method.

setUserDetailsMapper(UserDetailsContextMapper) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager

setUserDetailsMapper(UserDetailsContextMapper) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsService

setUserDetailsPasswordService(ReactiveUserDetailsPasswordService) - Method in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager

Sets the service to use for upgrading passwords on successful authentication.

setUserDetailsPasswordService(UserDetailsPasswordService) - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider

setUserDetailsService(UserDetailsService) - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider

setUserDetailsService(UserDetailsService) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider

setUserDetailsService(UserDetailsService) - Method in class org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper

Set the wrapped UserDetailsService implementation

setUserDetailsService(UserDetailsService) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

Sets the authentication data access object.

setUserDetailsService(UserDetailsService) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter

setUserDnPatterns(String...) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory

If your users are at a fixed location in the directory (i.e.

setUserDnPatterns(String[]) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator

Sets the pattern which will be used to supply a DN for the user.

setUseReferer(boolean) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler

If set to true the Referer header will be used (if available).

setUserExistsSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

setUsername(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence

setUsernameBasedPrimaryKey(boolean) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl

If true (the default), indicates the JdbcDaoImpl.getUsersByUsernameQuery() returns a username in response to a query.

setUsernameMapper(LdapUsernameToDnMapper) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager

setUsernameParameter(String) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

Allows the parameter containing the username to be customized.

setUsernameParameter(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter

setUsernameParameter(String) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

Sets the parameter name which will be used to obtain the username from the login request.

setUsernameParameter(String) - Method in class org.springframework.security.web.server.ServerFormLoginAuthenticationConverter

Deprecated.

The parameter name of the form data to extract the username

setUserRoles2GrantedAuthoritiesMapper(Attributes2GrantedAuthoritiesMapper) - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource

setUsersByUsernameQuery(String) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl

Allows the default query string used to retrieve users based on username to be overridden, if default table or column names need to be changed.

setUserSearch(LdapUserSearch) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator

setUserSearchBase(String) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory

Search base for user searches.

setUserSearchFilter(String) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory

The LDAP filter used to search for users (optional).

setUseSecureCookie(boolean) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

Whether the cookie should be flagged as secure or not.

setValidateConfigAttributes(boolean) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor

Deprecated.

setVar(String) - Method in class org.springframework.security.taglibs.authz.AccessControlListTag

setVar(String) - Method in class org.springframework.security.taglibs.authz.AuthenticationTag

setVar(String) - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag

setWebAuthnManager(WebAuthnManager) - Method in class org.springframework.security.web.webauthn.management.Webauthn4JRelyingPartyOperations

Sets the WebAuthnManager to use.

setWebClient(WebClient) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractWebClientReactiveOAuth2AccessTokenResponseClient

Sets the WebClient used when requesting the OAuth 2.0 Access Token Response.

setWebClient(WebClient) - Method in class org.springframework.security.oauth2.client.userinfo.DefaultReactiveOAuth2UserService

Sets the WebClient used for retrieving the user endpoint

setWebClient(WebClient) - Method in class org.springframework.security.web.authentication.password.HaveIBeenPwnedRestApiReactivePasswordChecker

Sets the WebClient to use when making requests to Have I Been Pwned REST API.

setWebSphereGroups2GrantedAuthoritiesMapper(Attributes2GrantedAuthoritiesMapper) - Method in class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedWebAuthenticationDetailsSource

setWorkingDirectory(File) - Method in class org.springframework.security.ldap.server.ApacheDSContainer

Deprecated.

sha(byte[]) - Static method in class org.springframework.security.core.token.Sha512DigestUtils

Calculates the SHA digest and returns the value as a byte[].

sha(String) - Static method in class org.springframework.security.core.token.Sha512DigestUtils

Calculates the SHA digest and returns the value as a byte[].

SHA256 - Enum constant in enum class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices.RememberMeTokenAlgorithm

Sha512DigestUtils - Class in org.springframework.security.core.token

Provides SHA512 digest methods.

Sha512DigestUtils() - Constructor for class org.springframework.security.core.token.Sha512DigestUtils

shaHex(byte[]) - Static method in class org.springframework.security.core.token.Sha512DigestUtils

Calculates the SHA digest and returns the value as a hex string.

shaHex(String) - Static method in class org.springframework.security.core.token.Sha512DigestUtils

Calculates the SHA digest and returns the value as a hex string.

shared(int) - Static method in class org.springframework.security.crypto.keygen.KeyGenerators

Create a BytesKeyGenerator that returns a single, shared SecureRandom key of a custom length.

shouldFilterAllDispatcherTypes(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry

Deprecated, for removal: This API element is subject to removal in a future version.

Permit access to the DispatcherType instead.

 @Configuration
 @EnableWebSecurity
 public class SecurityConfig {

        @Bean
        public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
                http
                        .authorizeHttpRequests((authorize) -> authorize
                                .dispatcherTypeMatchers(DispatcherType.ERROR).permitAll()
                                // ...
                        );
                return http.build();
        }
 }
 

shouldNotFilter(HttpServletRequest) - Method in class org.springframework.security.web.csrf.CsrfFilter

shouldObserveAuthentications() - Method in class org.springframework.security.config.observation.SecurityObservationSettings

shouldObserveAuthentications(boolean) - Method in class org.springframework.security.config.observation.SecurityObservationSettings.Builder

shouldObserveAuthorizations() - Method in class org.springframework.security.config.observation.SecurityObservationSettings

shouldObserveAuthorizations(boolean) - Method in class org.springframework.security.config.observation.SecurityObservationSettings.Builder

shouldObserveRequests() - Method in class org.springframework.security.config.observation.SecurityObservationSettings

shouldObserveRequests(boolean) - Method in class org.springframework.security.config.observation.SecurityObservationSettings.Builder

showDefaultSubmitPage(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer

Configures whether the default one-time token submit page should be shown.

showDefaultSubmitPage(boolean) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec

Configures whether the default one-time token submit page should be shown.

shutdown() - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService

shutdownNow() - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService

Sid - Interface in org.springframework.security.acls.model

A security identity recognised by the ACL system.

SID - Static variable in class org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimNames

sid - the session id for the OIDC provider

sidRetrievalStrategy - Variable in class org.springframework.security.acls.afterinvocation.AbstractAclProvider

SidRetrievalStrategy - Interface in org.springframework.security.acls.model

Strategy interface that provides an ability to determine the Sid instances applicable for an Authentication.

SidRetrievalStrategyImpl - Class in org.springframework.security.acls.domain

Basic implementation of SidRetrievalStrategy that creates a Sid for the principal, as well as every granted authority the principal holds.

SidRetrievalStrategyImpl() - Constructor for class org.springframework.security.acls.domain.SidRetrievalStrategyImpl

SidRetrievalStrategyImpl(RoleHierarchy) - Constructor for class org.springframework.security.acls.domain.SidRetrievalStrategyImpl

SIG_ALG - Static variable in class org.springframework.security.saml2.core.Saml2ParameterNames

SigAlg - used to communicate which signature algorithm to use to verify signature

sigAlg(String) - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest.Builder

Sets the SigAlg parameter that will accompany this AuthNRequest

signature(String) - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest.Builder

Sets the Signature parameter that will accompany this AuthNRequest

signature(Bytes) - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse.AuthenticatorAssertionResponseBuilder

Set the AuthenticatorAssertionResponse.getSignature() property

SIGNATURE - Static variable in class org.springframework.security.saml2.core.Saml2ParameterNames

Signature - used to supply cryptographic signature on any SAML 2.0 payload

signatureAlgorithm(SignatureAlgorithm) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.PublicKeyJwtDecoderBuilder

Use the given signing algorithm.

signatureAlgorithm(SignatureAlgorithm) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder

Use the given signing algorithm.

SignatureAlgorithm - Enum Class in org.springframework.security.oauth2.jose.jws

An enumeration of the cryptographic algorithms defined by the JSON Web Algorithms (JWA) specification and used by JSON Web Signature (JWS) to digitally sign the contents of the JWS Protected Header and JWS Payload.

signatureCount(long) - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord.ImmutableCredentialRecordBuilder

signing(PrivateKey, X509Certificate) - Static method in class org.springframework.security.saml2.core.Saml2X509Credential

Create a Saml2X509Credential that can be used for signing.

SIGNING - Enum constant in enum class org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType

signingAlgorithms(Consumer<List<String>>) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder

Apply this Consumer to the list of SigningMethod Algorithms

signingAlgorithms(Consumer<List<String>>) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder

Apply this Consumer to the list of SigningMethod Algorithms

signingAlgorithms(Consumer<List<String>>) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder

Apply this Consumer to the list of SigningMethod Algorithms

signingX509Credentials(Consumer<Collection<Saml2X509Credential>>) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder

Deprecated.

signingX509Credentials(Consumer<Collection<Saml2X509Credential>>) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder

Apply this Consumer to the Collection of Saml2X509Credentials for the purposes of modifying the Collection

SimpDestinationMessageMatcher - Class in org.springframework.security.messaging.util.matcher

MessageMatcher which compares a pre-defined pattern against the destination of a Message.

SimpDestinationMessageMatcher(String) - Constructor for class org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher

Creates a new instance with the specified pattern, null SimpMessageType (matches any type), and a AntPathMatcher created from the default constructor.

SimpDestinationMessageMatcher(String, PathMatcher) - Constructor for class org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher

Creates a new instance with the specified pattern and PathMatcher.

simpDestMatchers(String...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry

Deprecated.

Maps a List of SimpDestinationMessageMatcher instances without regard to the SimpMessageType.

simpDestMatchers(String...) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder

Maps a List of SimpDestinationMessageMatcher instances without regard to the SimpMessageType.

simpDestPathMatcher(Supplier<PathMatcher>) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder

The PathMatcher to be used with the MessageMatcherDelegatingAuthorizationManager.Builder.simpDestMatchers(String...).

simpDestPathMatcher(PathMatcher) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry

Deprecated.

The PathMatcher to be used with the MessageSecurityMetadataSourceRegistry.simpDestMatchers(String...).

simpDestPathMatcher(PathMatcher) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder

The PathMatcher to be used with the MessageMatcherDelegatingAuthorizationManager.Builder.simpDestMatchers(String...).

SimpleAttributes2GrantedAuthoritiesMapper - Class in org.springframework.security.core.authority.mapping

This class implements the Attributes2GrantedAuthoritiesMapper interface by doing a one-to-one mapping from roles to Spring Security GrantedAuthorities.

SimpleAttributes2GrantedAuthoritiesMapper() - Constructor for class org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper

simpleAuthentication(Customizer<RSocketSecurity.SimpleAuthenticationSpec>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity

Adds support for validating a username and password using Simple Authentication

SimpleAuthenticationEncoder - Class in org.springframework.security.rsocket.metadata

Encodes Simple Authentication.

SimpleAuthenticationEncoder() - Constructor for class org.springframework.security.rsocket.metadata.SimpleAuthenticationEncoder

SimpleAuthorityMapper - Class in org.springframework.security.core.authority.mapping

Simple one-to-one GrantedAuthoritiesMapper which allows for case conversion of the authority name and the addition of a string prefix (which defaults to ROLE_ ).

SimpleAuthorityMapper() - Constructor for class org.springframework.security.core.authority.mapping.SimpleAuthorityMapper

SimpleGrantedAuthority - Class in org.springframework.security.core.authority

Basic concrete implementation of a GrantedAuthority.

SimpleGrantedAuthority(String) - Constructor for class org.springframework.security.core.authority.SimpleGrantedAuthority

SimpleGrantedAuthorityMixin - Class in org.springframework.security.jackson2

Jackson Mixin class helps in serialize/deserialize SimpleGrantedAuthority.

SimpleGrantedAuthorityMixin(String) - Constructor for class org.springframework.security.jackson2.SimpleGrantedAuthorityMixin

Mixin Constructor.

SimpleMappableAttributesRetriever - Class in org.springframework.security.core.authority.mapping

This class implements the MappableAttributesRetriever interface by just returning a list of mappable attributes as previously set using the corresponding setter method.

SimpleMappableAttributesRetriever() - Constructor for class org.springframework.security.core.authority.mapping.SimpleMappableAttributesRetriever

SimpleMethodInvocation - Class in org.springframework.security.util

Represents the AOP Alliance MethodInvocation.

SimpleMethodInvocation() - Constructor for class org.springframework.security.util.SimpleMethodInvocation

SimpleMethodInvocation(Object, Method, Object...) - Constructor for class org.springframework.security.util.SimpleMethodInvocation

SimpleRedirectInvalidSessionStrategy - Class in org.springframework.security.web.session

Performs a redirect to a fixed URL when an invalid requested session is detected by the SessionManagementFilter.

SimpleRedirectInvalidSessionStrategy(String) - Constructor for class org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy

SimpleRedirectSessionInformationExpiredStrategy - Class in org.springframework.security.web.session

Performs a redirect to a fixed URL when an expired session is detected by the ConcurrentSessionFilter.

SimpleRedirectSessionInformationExpiredStrategy(String) - Constructor for class org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy

SimpleRedirectSessionInformationExpiredStrategy(String, RedirectStrategy) - Constructor for class org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy

SimpleSavedRequest - Class in org.springframework.security.web.savedrequest

A Bean implementation of SavedRequest

SimpleSavedRequest() - Constructor for class org.springframework.security.web.savedrequest.SimpleSavedRequest

SimpleSavedRequest(String) - Constructor for class org.springframework.security.web.savedrequest.SimpleSavedRequest

SimpleSavedRequest(SavedRequest) - Constructor for class org.springframework.security.web.savedrequest.SimpleSavedRequest

SimpleUrlAuthenticationFailureHandler - Class in org.springframework.security.web.authentication

AuthenticationFailureHandler which performs a redirect to the value of the defaultFailureUrl property when the onAuthenticationFailure method is called.

SimpleUrlAuthenticationFailureHandler() - Constructor for class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler

SimpleUrlAuthenticationFailureHandler(String) - Constructor for class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler

SimpleUrlAuthenticationSuccessHandler - Class in org.springframework.security.web.authentication

AuthenticationSuccessHandler which can be configured with a default URL which users should be sent to upon successful authentication.

SimpleUrlAuthenticationSuccessHandler() - Constructor for class org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler

SimpleUrlAuthenticationSuccessHandler(String) - Constructor for class org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler

Constructor which sets the defaultTargetUrl property of the base class.

SimpleUrlLogoutSuccessHandler - Class in org.springframework.security.web.authentication.logout

Handles the navigation on logout by delegating to the AbstractAuthenticationTargetUrlRequestHandler base class logic.

SimpleUrlLogoutSuccessHandler() - Constructor for class org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler

simpMessageDestMatchers(String...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry

Deprecated.

Maps a List of SimpDestinationMessageMatcher instances that match on SimpMessageType.MESSAGE.

simpMessageDestMatchers(String...) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder

Maps a List of SimpDestinationMessageMatcher instances that match on SimpMessageType.MESSAGE.

SimpMessageTypeMatcher - Class in org.springframework.security.messaging.util.matcher

A MessageMatcher that matches if the provided Message has a type that is the same as the SimpMessageType that was specified in the constructor.

SimpMessageTypeMatcher(SimpMessageType) - Constructor for class org.springframework.security.messaging.util.matcher.SimpMessageTypeMatcher

Creates a new instance

simpSubscribeDestMatchers(String...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry

Deprecated.

Maps a List of SimpDestinationMessageMatcher instances that match on SimpMessageType.SUBSCRIBE.

simpSubscribeDestMatchers(String...) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder

Maps a List of SimpDestinationMessageMatcher instances that match on SimpMessageType.SUBSCRIBE.

simpTypeMatchers(SimpMessageType...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry

Deprecated.

Maps a List of SimpDestinationMessageMatcher instances.

simpTypeMatchers(SimpMessageType...) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder

Maps a List of SimpDestinationMessageMatcher instances.

singleLogoutServiceBinding(Saml2MessageBinding) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder

Set the SingleLogoutService Binding

singleLogoutServiceBinding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder

Set the SingleLogoutService Binding

singleLogoutServiceBinding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder

Deprecated.

singleLogoutServiceBinding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder

Set the SingleLogoutService Binding

singleLogoutServiceBinding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder

Set the SingleLogoutService Binding

singleLogoutServiceBindings(Consumer<Collection<Saml2MessageBinding>>) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder

Deprecated.

singleLogoutServiceBindings(Consumer<Collection<Saml2MessageBinding>>) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder

Apply this Consumer to the Collection of Saml2MessageBindings for the purposes of modifying the SingleLogoutService Binding Collection.

singleLogoutServiceLocation(String) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder

Set the SingleLogoutService Location

singleLogoutServiceLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder

Set the SingleLogoutService Location

singleLogoutServiceLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder

Deprecated.

singleLogoutServiceLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder

Set the SingleLogoutService Location

singleLogoutServiceLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder

Set the SingleLogoutService Location

singleLogoutServiceResponseLocation(String) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder

Set the SingleLogoutService Response Location

singleLogoutServiceResponseLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder

Set the SingleLogoutService Response Location

singleLogoutServiceResponseLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder

Deprecated.

singleLogoutServiceResponseLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder

Set the SingleLogoutService Response Location

singleLogoutServiceResponseLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder

Set the SingleLogoutService Response Location

singleSignOnServiceBinding(Saml2MessageBinding) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder

Set the SingleSignOnService Binding.

singleSignOnServiceBinding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder

Set the SingleSignOnService Binding.

singleSignOnServiceBinding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder

Set the SingleSignOnService Binding.

singleSignOnServiceLocation(String) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder

Set the SingleSignOnService Location.

singleSignOnServiceLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder

Set the SingleSignOnService Location.

singleSignOnServiceLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder

Set the SingleSignOnService Location.

skipExchange(ServerWebExchange) - Static method in class org.springframework.security.web.server.csrf.CsrfWebFilter

skipRequest(HttpServletRequest) - Static method in class org.springframework.security.web.csrf.CsrfFilter

SMART_CARD - Static variable in class org.springframework.security.web.webauthn.api.AuthenticatorTransport

smart-card indicates the respective authenticator can be contacted over ISO/IEC 7816 smart card with contacts.

spliterator() - Method in class org.springframework.security.saml2.provider.service.registration.CachingRelyingPartyRegistrationRepository

SPRING_SECURITY_CONTEXT_KEY - Static variable in class org.springframework.security.web.context.HttpSessionSecurityContextRepository

The default key under which the security context will be stored in the session.

SPRING_SECURITY_FILTER_CHAIN - Static variable in class org.springframework.security.config.BeanIds

External alias for FilterChainProxy bean, for use in web.xml files

SPRING_SECURITY_FORM_PASSWORD_KEY - Static variable in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

SPRING_SECURITY_FORM_USERNAME_KEY - Static variable in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY - Static variable in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

SPRING_SECURITY_SWITCH_USERNAME_KEY - Static variable in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

SPRING_SECURITY_SWITCH_USERNAME_KEY - Static variable in class org.springframework.security.web.server.authentication.SwitchUserWebFilter

SpringAuthorizationEventPublisher - Class in org.springframework.security.authorization

An implementation of AuthorizationEventPublisher that uses Spring's event publishing support.

SpringAuthorizationEventPublisher(ApplicationEventPublisher) - Constructor for class org.springframework.security.authorization.SpringAuthorizationEventPublisher

Construct this publisher using Spring's ApplicationEventPublisher

SpringCacheBasedAclCache - Class in org.springframework.security.acls.domain

Simple implementation of AclCache that delegates to Cache implementation.

SpringCacheBasedAclCache(Cache, PermissionGrantingStrategy, AclAuthorizationStrategy) - Constructor for class org.springframework.security.acls.domain.SpringCacheBasedAclCache

SpringCacheBasedTicketCache - Class in org.springframework.security.cas.authentication

Caches tickets using a Spring IoC defined Cache.

SpringCacheBasedTicketCache(Cache) - Constructor for class org.springframework.security.cas.authentication.SpringCacheBasedTicketCache

SpringCacheBasedUserCache - Class in org.springframework.security.core.userdetails.cache

Caches UserDetails instances in a Spring defined Cache.

SpringCacheBasedUserCache(Cache) - Constructor for class org.springframework.security.core.userdetails.cache.SpringCacheBasedUserCache

SpringOpaqueTokenIntrospector - Class in org.springframework.security.oauth2.server.resource.introspection

A Spring implementation of OpaqueTokenIntrospector that verifies and introspects a token using the configured OAuth 2.0 Introspection Endpoint.

SpringOpaqueTokenIntrospector(String, String, String) - Constructor for class org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector

Creates a OpaqueTokenAuthenticationProvider with the provided parameters

SpringOpaqueTokenIntrospector(String, RestOperations) - Constructor for class org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector

Creates a OpaqueTokenAuthenticationProvider with the provided parameters The given RestOperations should perform its own client authentication against the introspection endpoint.

SpringReactiveOpaqueTokenIntrospector - Class in org.springframework.security.oauth2.server.resource.introspection

A Spring implementation of ReactiveOpaqueTokenIntrospector that verifies and introspects a token using the configured OAuth 2.0 Introspection Endpoint.

SpringReactiveOpaqueTokenIntrospector(String, String, String) - Constructor for class org.springframework.security.oauth2.server.resource.introspection.SpringReactiveOpaqueTokenIntrospector

Creates a OpaqueTokenReactiveAuthenticationManager with the provided parameters

SpringReactiveOpaqueTokenIntrospector(String, WebClient) - Constructor for class org.springframework.security.oauth2.server.resource.introspection.SpringReactiveOpaqueTokenIntrospector

Creates a OpaqueTokenReactiveAuthenticationManager with the provided parameters

springSecurity() - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers

Sets up Spring Security's WebTestClient test support

springSecurity() - Static method in class org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers

Configures the MockMvcBuilder for use with Spring Security.

springSecurity(Filter) - Static method in class org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers

Configures the MockMvcBuilder for use with Spring Security.

SpringSecurityAuthenticationSource - Class in org.springframework.security.ldap.authentication

An AuthenticationSource to retrieve authentication information stored in Spring Security's SecurityContextHolder.

SpringSecurityAuthenticationSource() - Constructor for class org.springframework.security.ldap.authentication.SpringSecurityAuthenticationSource

SpringSecurityCoreVersion - Class in org.springframework.security.core

Internal class used for checking version compatibility in a deployed application.

springSecurityFilterChain() - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration

Creates the Spring Security Filter Chain

SpringSecurityLdapTemplate - Class in org.springframework.security.ldap

Extension of Spring LDAP's LdapTemplate class which adds extra functionality required by Spring Security.

SpringSecurityLdapTemplate(ContextSource) - Constructor for class org.springframework.security.ldap.SpringSecurityLdapTemplate

SpringSecurityMessageSource - Class in org.springframework.security.core

The default MessageSource used by Spring Security.

SpringSecurityMessageSource() - Constructor for class org.springframework.security.core.SpringSecurityMessageSource

standard(CharSequence, CharSequence) - Static method in class org.springframework.security.crypto.encrypt.Encryptors

Creates a standard password-based bytes encryptor using 256 bit AES encryption.

StandardClaimAccessor - Interface in org.springframework.security.oauth2.core.oidc

A ClaimAccessor for the "Standard Claims" that can be returned either in the UserInfo Response or the ID Token.

StandardClaimNames - Class in org.springframework.security.oauth2.core.oidc

The names of the "Standard Claims" defined by the OpenID Connect Core 1.0 specification that can be returned either in the UserInfo Response or the ID Token.

StandardPasswordEncoder - Class in org.springframework.security.crypto.password

Deprecated.

Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better use DelegatingPasswordEncoder which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.

StandardPasswordEncoder() - Constructor for class org.springframework.security.crypto.password.StandardPasswordEncoder

Deprecated.

Constructs a standard password encoder with no additional secret value.

StandardPasswordEncoder(CharSequence) - Constructor for class org.springframework.security.crypto.password.StandardPasswordEncoder

Deprecated.

Constructs a standard password encoder with a secret value which is also included in the password hash.

start() - Method in class org.springframework.security.ldap.server.ApacheDSContainer

Deprecated.

start() - Method in class org.springframework.security.ldap.server.UnboundIdContainer

state(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder

Sets the state.

state(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse.Builder

Sets the state.

STATE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

state - used in Authorization Request and Authorization Response.

stateful(Object) - Static method in class org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken

stateless(Object) - Static method in class org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken

STATELESS - Enum constant in enum class org.springframework.security.config.http.SessionCreationPolicy

Spring Security will never create an HttpSession and it will never use it to obtain the SecurityContext

StatelessTicketCache - Interface in org.springframework.security.cas.authentication

Caches CAS service tickets and CAS proxy tickets for stateless connections.

StaticAllowFromStrategy - Class in org.springframework.security.web.header.writers.frameoptions

Deprecated.

ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.

StaticAllowFromStrategy(URI) - Constructor for class org.springframework.security.web.header.writers.frameoptions.StaticAllowFromStrategy

Deprecated.

StaticHeadersWriter - Class in org.springframework.security.web.header.writers

HeaderWriter implementation which writes the same Header instance.

StaticHeadersWriter(String, String...) - Constructor for class org.springframework.security.web.header.writers.StaticHeadersWriter

Creates a new instance with a single header

StaticHeadersWriter(List<Header>) - Constructor for class org.springframework.security.web.header.writers.StaticHeadersWriter

Creates a new instance

StaticServerHttpHeadersWriter - Class in org.springframework.security.web.server.header

Allows specifying HttpHeaders that should be written to the response.

StaticServerHttpHeadersWriter(HttpHeaders) - Constructor for class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter

StaticServerHttpHeadersWriter.Builder - Class in org.springframework.security.web.server.header

statusError() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse

Returns true if the Authorization Request failed, otherwise false.

statusOk() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse

Returns true if the Authorization Request succeeded, otherwise false.

stop() - Method in class org.springframework.security.ldap.server.ApacheDSContainer

Deprecated.

stop() - Method in class org.springframework.security.ldap.server.UnboundIdContainer

STORAGE - Enum constant in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive

STORAGE - Enum constant in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive

streetAddress(String) - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder

Sets the full street address, which may include house number, street name, P.O.

STRICT_ORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy

STRICT_ORIGIN - Enum constant in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy

STRICT_ORIGIN_WHEN_CROSS_ORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy

STRICT_ORIGIN_WHEN_CROSS_ORIGIN - Enum constant in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy

STRICT_TRANSPORT_SECURITY - Static variable in class org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter

StrictHttpFirewall - Class in org.springframework.security.web.firewall

A strict implementation of HttpFirewall that rejects any suspicious requests with a RequestRejectedException.

StrictHttpFirewall() - Constructor for class org.springframework.security.web.firewall.StrictHttpFirewall

StrictServerWebExchangeFirewall - Class in org.springframework.security.web.server.firewall

A strict implementation of ServerWebExchangeFirewall that rejects any suspicious requests with a ServerExchangeRejectedException.

StrictServerWebExchangeFirewall() - Constructor for class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall

StrictTransportSecurityServerHttpHeadersWriter - Class in org.springframework.security.web.server.header

Writes the Strict-Transport-Security if the request is secure.

StrictTransportSecurityServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter

string() - Static method in class org.springframework.security.crypto.keygen.KeyGenerators

Creates a StringKeyGenerator that hex-encodes SecureRandom keys of 8 bytes in length.

StringKeyGenerator - Interface in org.springframework.security.crypto.keygen

A generator for unique string keys.

stronger(CharSequence, CharSequence) - Static method in class org.springframework.security.crypto.encrypt.Encryptors

Creates a standard password-based bytes encryptor using 256 bit AES encryption with Galois Counter Mode (GCM).

SUB - Static variable in class org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimNames

sub - the Subject identifier

SUB - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames

sub - Usually a machine-readable identifier of the resource owner who authorized the token

SUB - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames

sub - the Subject identifier

SUB - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames

sub - the Subject identifier

SUB - Static variable in class org.springframework.security.oauth2.jwt.JwtClaimNames

sub - the Subject claim identifies the principal that is the subject of the JWT

subArray(byte[], int, int) - Static method in class org.springframework.security.crypto.util.EncodingUtils

Extract a sub array of bytes out of the byte array.

subject(String) - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder

Use this subject in the resulting OidcLogoutToken

subject(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder

Use this subject in the resulting OidcIdToken

subject(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder

Use this subject in the resulting OidcUserInfo

subject(String) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder

Use this subject in the resulting Jwt

subject(String) - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder

Sets the subject (sub) claim, which identifies the principal that is the subject of the JWT.

SUBJECT_NOT_FOUND - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes

The assertion did not contain a subject element.

SUBJECT_TOKEN - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

subject_token - used in Token Exchange Access Token Request.

SUBJECT_TOKEN_TYPE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

subject_token_type - used in Token Exchange Access Token Request.

SubjectDnX509PrincipalExtractor - Class in org.springframework.security.web.authentication.preauth.x509

Obtains the principal from a certificate using a regular expression match against the Subject (as returned by a call to X509Certificate.getSubjectDN()).

SubjectDnX509PrincipalExtractor() - Constructor for class org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor

subjectPrincipalRegex(String) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer

Specifies the regex to extract the principal from the certificate.

submit(Runnable) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService

submit(Runnable) - Method in class org.springframework.security.task.DelegatingSecurityContextAsyncTaskExecutor

submit(Runnable, T) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService

submit(Callable<T>) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService

submit(Callable<T>) - Method in class org.springframework.security.task.DelegatingSecurityContextAsyncTaskExecutor

success() - Static method in class org.springframework.security.oauth2.core.OAuth2TokenValidatorResult

Construct a successful OAuth2TokenValidatorResult

success() - Static method in class org.springframework.security.saml2.core.Saml2ResponseValidatorResult

Construct a successful Saml2ResponseValidatorResult

success() - Static method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult

Construct a successful Saml2LogoutValidatorResult

success(String) - Static method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse

Returns a new OAuth2AuthorizationResponse.Builder, initialized with the authorization code.

successForwardUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer

Forward Authentication Success Handler

successfulAuthentication(HttpServletRequest, HttpServletResponse, FilterChain, Authentication) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter

successfulAuthentication(HttpServletRequest, HttpServletResponse, FilterChain, Authentication) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Default behaviour for successful authentication.

successfulAuthentication(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter

Puts the Authentication instance returned by the authentication manager into the secure context.

successHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Specifies the AuthenticationSuccessHandler to be used.

SupplierClientRegistrationRepository - Class in org.springframework.security.oauth2.client.registration

A ClientRegistrationRepository that lazily calls to retrieve ClientRegistration(s) when requested.

SupplierClientRegistrationRepository(Supplier<T>) - Constructor for class org.springframework.security.oauth2.client.registration.SupplierClientRegistrationRepository

Constructs an SupplierClientRegistrationRepository using the provided parameters.

SupplierJwtDecoder - Class in org.springframework.security.oauth2.jwt

A JwtDecoder that lazily initializes another JwtDecoder

SupplierJwtDecoder(Supplier<JwtDecoder>) - Constructor for class org.springframework.security.oauth2.jwt.SupplierJwtDecoder

SupplierReactiveJwtDecoder - Class in org.springframework.security.oauth2.jwt

A ReactiveJwtDecoder that lazily initializes another ReactiveJwtDecoder

SupplierReactiveJwtDecoder(Supplier<ReactiveJwtDecoder>) - Constructor for class org.springframework.security.oauth2.jwt.SupplierReactiveJwtDecoder

supports(Class<?>) - Method in interface org.springframework.security.access.AccessDecisionManager

Deprecated.

Indicates whether the AccessDecisionManager implementation is able to provide access control decisions for the indicated secured object type.

supports(Class<?>) - Method in interface org.springframework.security.access.AccessDecisionVoter

Deprecated.

Indicates whether the AccessDecisionVoter implementation is able to provide access control votes for the indicated secured object type.

supports(Class<?>) - Method in interface org.springframework.security.access.AfterInvocationProvider

Deprecated.

Indicates whether the AfterInvocationProvider is able to provide "after invocation" processing for the indicated secured object type.

supports(Class<?>) - Method in class org.springframework.security.access.annotation.Jsr250Voter

Deprecated.

All classes are supported.

supports(Class<?>) - Method in interface org.springframework.security.access.intercept.AfterInvocationManager

Deprecated.

Indicates whether the AfterInvocationManager implementation is able to provide access control decisions for the indicated secured object type.

supports(Class<?>) - Method in class org.springframework.security.access.intercept.AfterInvocationProviderManager

Deprecated.

Iterates through all AfterInvocationProviders and ensures each can support the presented class.

supports(Class<?>) - Method in class org.springframework.security.access.intercept.RunAsImplAuthenticationProvider

Deprecated.

supports(Class<?>) - Method in interface org.springframework.security.access.intercept.RunAsManager

Deprecated.

Indicates whether the RunAsManager implementation is able to provide run-as replacement for the indicated secure object type.

supports(Class<?>) - Method in class org.springframework.security.access.intercept.RunAsManagerImpl

Deprecated.

This implementation supports any type of class, because it does not query the presented secure object.

supports(Class<?>) - Method in class org.springframework.security.access.method.AbstractMethodSecurityMetadataSource

Deprecated.

supports(Class<?>) - Method in class org.springframework.security.access.prepost.PostInvocationAdviceProvider

Deprecated.

supports(Class<?>) - Method in class org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter

Deprecated.

supports(Class<?>) - Method in interface org.springframework.security.access.SecurityMetadataSource

Indicates whether the SecurityMetadataSource implementation is able to provide ConfigAttributes for the indicated secure object type.

supports(Class<?>) - Method in class org.springframework.security.access.vote.AbstractAccessDecisionManager

Deprecated.

Iterates through all AccessDecisionVoters and ensures each can support the presented class.

supports(Class<?>) - Method in class org.springframework.security.access.vote.AbstractAclVoter

Deprecated.

This implementation supports only MethodSecurityInterceptor, because it queries the presented MethodInvocation.

supports(Class<?>) - Method in class org.springframework.security.access.vote.AuthenticatedVoter

Deprecated.

This implementation supports any type of class, because it does not query the presented secure object.

supports(Class<?>) - Method in class org.springframework.security.access.vote.RoleVoter

Deprecated.

This implementation supports any type of class, because it does not query the presented secure object.

supports(Class<?>) - Method in class org.springframework.security.acls.afterinvocation.AbstractAclProvider

This implementation supports any type of class, because it does not query the presented secure object.

supports(Class<?>) - Method in class org.springframework.security.authentication.AnonymousAuthenticationProvider

supports(Class<?>) - Method in interface org.springframework.security.authentication.AuthenticationProvider

Returns true if this AuthenticationProvider supports the indicated Authentication object.

supports(Class<?>) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider

supports(Class<?>) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider

supports(Class<?>) - Method in class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationProvider

supports(Class<?>) - Method in class org.springframework.security.authentication.RememberMeAuthenticationProvider

supports(Class<?>) - Method in class org.springframework.security.authentication.TestingAuthenticationProvider

supports(Class<?>) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider

supports(Class<?>) - Method in class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider

supports(Class<?>) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider

supports(Class<?>) - Method in class org.springframework.security.messaging.access.expression.MessageExpressionVoter

Deprecated.

supports(Class<?>) - Method in class org.springframework.security.messaging.access.intercept.DefaultMessageSecurityMetadataSource

Deprecated.

supports(Class<?>) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationProvider

supports(Class<?>) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider

supports(Class<?>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider

supports(Class<?>) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter

supports(Class<?>) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2DeviceAuthorizationResponseHttpMessageConverter

supports(Class<?>) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter

supports(Class<?>) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider

supports(Class<?>) - Method in class org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenAuthenticationProvider

supports(Class<?>) - Method in class org.springframework.security.web.access.expression.WebExpressionVoter

Deprecated.

supports(Class<?>) - Method in class org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource

supports(Class<?>) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider

Indicate that this provider only supports PreAuthenticatedAuthenticationToken (sub)classes.

supports(Class<?>) - Method in class org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationProvider

supports(ConfigAttribute) - Method in interface org.springframework.security.access.AccessDecisionManager

Deprecated.

Indicates whether this AccessDecisionManager is able to process authorization requests presented with the passed ConfigAttribute.

supports(ConfigAttribute) - Method in interface org.springframework.security.access.AccessDecisionVoter

Deprecated.

Indicates whether this AccessDecisionVoter is able to vote on the passed ConfigAttribute.

supports(ConfigAttribute) - Method in interface org.springframework.security.access.AfterInvocationProvider

Deprecated.

Indicates whether this AfterInvocationProvider is able to participate in a decision involving the passed ConfigAttribute.

supports(ConfigAttribute) - Method in class org.springframework.security.access.annotation.Jsr250Voter

Deprecated.

The specified config attribute is supported if its an instance of a Jsr250SecurityConfig.

supports(ConfigAttribute) - Method in interface org.springframework.security.access.intercept.AfterInvocationManager

Deprecated.

Indicates whether this AfterInvocationManager is able to process "after invocation" requests presented with the passed ConfigAttribute.

supports(ConfigAttribute) - Method in class org.springframework.security.access.intercept.AfterInvocationProviderManager

Deprecated.

supports(ConfigAttribute) - Method in interface org.springframework.security.access.intercept.RunAsManager

Deprecated.

Indicates whether this RunAsManager is able to process the passed ConfigAttribute.

supports(ConfigAttribute) - Method in class org.springframework.security.access.intercept.RunAsManagerImpl

Deprecated.

supports(ConfigAttribute) - Method in class org.springframework.security.access.prepost.PostInvocationAdviceProvider

Deprecated.

supports(ConfigAttribute) - Method in class org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter

Deprecated.

supports(ConfigAttribute) - Method in class org.springframework.security.access.vote.AbstractAccessDecisionManager

Deprecated.

supports(ConfigAttribute) - Method in class org.springframework.security.access.vote.AuthenticatedVoter

Deprecated.

supports(ConfigAttribute) - Method in class org.springframework.security.access.vote.RoleVoter

Deprecated.

supports(ConfigAttribute) - Method in class org.springframework.security.acls.AclEntryVoter

supports(ConfigAttribute) - Method in class org.springframework.security.acls.afterinvocation.AbstractAclProvider

supports(ConfigAttribute) - Method in class org.springframework.security.messaging.access.expression.MessageExpressionVoter

Deprecated.

supports(ConfigAttribute) - Method in interface org.springframework.security.web.access.channel.ChannelDecisionManager

Indicates whether this ChannelDecisionManager is able to process the passed ConfigAttribute.

supports(ConfigAttribute) - Method in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl

supports(ConfigAttribute) - Method in interface org.springframework.security.web.access.channel.ChannelProcessor

Indicates whether this ChannelProcessor is able to process the passed ConfigAttribute.

supports(ConfigAttribute) - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor

supports(ConfigAttribute) - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor

supports(ConfigAttribute) - Method in class org.springframework.security.web.access.expression.WebExpressionVoter

Deprecated.

supportsContext(Observation.Context) - Method in class org.springframework.security.authentication.AuthenticationObservationConvention

supportsContext(Observation.Context) - Method in class org.springframework.security.authorization.AuthorizationObservationConvention

supportsParameter(MethodParameter) - Method in class org.springframework.security.messaging.context.AuthenticationPrincipalArgumentResolver

supportsParameter(MethodParameter) - Method in class org.springframework.security.messaging.handler.invocation.reactive.AuthenticationPrincipalArgumentResolver

supportsParameter(MethodParameter) - Method in class org.springframework.security.messaging.handler.invocation.reactive.CurrentSecurityContextArgumentResolver

supportsParameter(MethodParameter) - Method in class org.springframework.security.oauth2.client.web.method.annotation.OAuth2AuthorizedClientArgumentResolver

supportsParameter(MethodParameter) - Method in class org.springframework.security.oauth2.client.web.reactive.result.method.annotation.OAuth2AuthorizedClientArgumentResolver

supportsParameter(MethodParameter) - Method in class org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver

Deprecated.

supportsParameter(MethodParameter) - Method in class org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver

supportsParameter(MethodParameter) - Method in class org.springframework.security.web.method.annotation.CsrfTokenArgumentResolver

supportsParameter(MethodParameter) - Method in class org.springframework.security.web.method.annotation.CurrentSecurityContextArgumentResolver

supportsParameter(MethodParameter) - Method in class org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver

supportsParameter(MethodParameter) - Method in class org.springframework.security.web.reactive.result.method.annotation.CurrentSecurityContextArgumentResolver

switchUser(WebFilterExchange) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter

Attempt to switch to another user.

SwitchUserAuthorityChanger - Interface in org.springframework.security.web.authentication.switchuser

Allows subclasses to modify the GrantedAuthority list that will be assigned to the principal when they assume the identity of a different principal.

SwitchUserFilter - Class in org.springframework.security.web.authentication.switchuser

Switch User processing filter responsible for user context switching.

SwitchUserFilter() - Constructor for class org.springframework.security.web.authentication.switchuser.SwitchUserFilter

SwitchUserGrantedAuthority - Class in org.springframework.security.web.authentication.switchuser

Custom GrantedAuthority used by SwitchUserFilter

SwitchUserGrantedAuthority(String, Authentication) - Constructor for class org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority

SwitchUserWebFilter - Class in org.springframework.security.web.server.authentication

Switch User processing filter responsible for user context switching.

SwitchUserWebFilter(ReactiveUserDetailsService, String, String) - Constructor for class org.springframework.security.web.server.authentication.SwitchUserWebFilter

Creates a filter for the user context switching

SwitchUserWebFilter(ReactiveUserDetailsService, ServerAuthenticationSuccessHandler, ServerAuthenticationFailureHandler) - Constructor for class org.springframework.security.web.server.authentication.SwitchUserWebFilter

Creates a filter for the user context switching

SYSTEM_PROPERTY - Static variable in class org.springframework.security.core.context.SecurityContextHolder

T

TagLibConfig - Class in org.springframework.security.taglibs

internal configuration class for taglibs.

TEMPORARILY_UNAVAILABLE - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes

temporarily_unavailable - The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.

TEST_EXECUTION - Enum constant in enum class org.springframework.security.test.context.support.TestExecutionEvent

Associated to TestExecutionListener.beforeTestExecution(TestContext) event.

TEST_METHOD - Enum constant in enum class org.springframework.security.test.context.support.TestExecutionEvent

Associated to TestExecutionListener.beforeTestMethod(TestContext) event.

TestExecutionEvent - Enum Class in org.springframework.security.test.context.support

Represents the events on the methods of TestExecutionListener

TestingAuthenticationProvider - Class in org.springframework.security.authentication

An AuthenticationProvider implementation for the TestingAuthenticationToken.

TestingAuthenticationProvider() - Constructor for class org.springframework.security.authentication.TestingAuthenticationProvider

TestingAuthenticationToken - Class in org.springframework.security.authentication

An Authentication implementation that is designed for use whilst unit testing.

TestingAuthenticationToken(Object, Object) - Constructor for class org.springframework.security.authentication.TestingAuthenticationToken

TestingAuthenticationToken(Object, Object, String...) - Constructor for class org.springframework.security.authentication.TestingAuthenticationToken

TestingAuthenticationToken(Object, Object, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.authentication.TestingAuthenticationToken

TestingAuthenticationToken(Object, Object, List<? extends GrantedAuthority>) - Constructor for class org.springframework.security.authentication.TestingAuthenticationToken

testSecurityContext() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors

Creates a RequestPostProcessor that can be used to ensure that the resulting request is ran with the user in the TestSecurityContextHolder.

TestSecurityContextHolder - Class in org.springframework.security.test.context

The TestSecurityContextHolder is very similar to SecurityContextHolder, but is necessary for testing.

TestSecurityContextHolderStrategyAdapter - Class in org.springframework.security.test.context

TestSecurityContextHolderStrategyAdapter() - Constructor for class org.springframework.security.test.context.TestSecurityContextHolderStrategyAdapter

text(CharSequence, CharSequence) - Static method in class org.springframework.security.crypto.encrypt.Encryptors

Creates a text encryptor that uses "standard" password-based encryption.

TextEncryptor - Interface in org.springframework.security.crypto.encrypt

Service interface for symmetric encryption of text strings.

TextEscapeUtils - Class in org.springframework.security.web.util

Internal utility for escaping characters in HTML strings.

TextEscapeUtils() - Constructor for class org.springframework.security.web.util.TextEscapeUtils

THIRTY_TWO_RESERVED_OFF - Static variable in interface org.springframework.security.acls.model.Permission

ThrowableAnalyzer - Class in org.springframework.security.web.util

Handler for analyzing Throwable instances.

ThrowableAnalyzer() - Constructor for class org.springframework.security.web.util.ThrowableAnalyzer

Creates a new ThrowableAnalyzer instance.

ThrowableCauseExtractor - Interface in org.springframework.security.web.util

Interface for handlers extracting the cause out of a specific Throwable type.

ThrowingMethodAuthorizationDeniedHandler - Class in org.springframework.security.authorization.method

An implementation of MethodAuthorizationDeniedHandler that throws AuthorizationDeniedException

ThrowingMethodAuthorizationDeniedHandler() - Constructor for class org.springframework.security.authorization.method.ThrowingMethodAuthorizationDeniedHandler

timeout(Duration) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder

Sets the PublicKeyCredentialCreationOptions.getTimeout() property.

timeout(Duration) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions.PublicKeyCredentialRequestOptionsBuilder

Sets the PublicKeyCredentialRequestOptions.getTimeout() property.

TLS_CLIENT_AUTH - Static variable in class org.springframework.security.oauth2.core.ClientAuthenticationMethod

toAuthorizedTarget() - Method in interface org.springframework.security.authorization.method.AuthorizationProxy

Access underlying target object

toBase64UrlString() - Method in class org.springframework.security.web.webauthn.api.Bytes

Gets the bytes as Base64 URL encoded String.

Token - Interface in org.springframework.security.core.token

A token issued by TokenService.

TOKEN - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

token - used in Token Revocation Request.

TOKEN_EXCHANGE - Static variable in class org.springframework.security.oauth2.core.AuthorizationGrantType

TOKEN_TYPE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

token_type - used in Authorization Response and Access Token Response.

TOKEN_TYPE - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames

token_type - The type of the token, for example bearer.

TOKEN_TYPE_HINT - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

token_type_hint - used in Token Revocation Request.

TokenBasedRememberMeServices - Class in org.springframework.security.web.authentication.rememberme

Identifies previously remembered users by a Base-64 encoded cookie.

TokenBasedRememberMeServices(String, UserDetailsService) - Constructor for class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices

TokenBasedRememberMeServices(String, UserDetailsService, TokenBasedRememberMeServices.RememberMeTokenAlgorithm) - Constructor for class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices

Construct the instance with the parameters provided

TokenBasedRememberMeServices.RememberMeTokenAlgorithm - Enum Class in org.springframework.security.web.authentication.rememberme

tokenEndpoint() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use OAuth2LoginConfigurer.tokenEndpoint(Customizer) or tokenEndpoint(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

tokenEndpoint(Customizer<OAuth2LoginConfigurer.TokenEndpointConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

Configures the Authorization Server's Token Endpoint.

TokenExchangeGrantRequest - Class in org.springframework.security.oauth2.client.endpoint

A Token Exchange Grant request that holds the subject token and optional actor token.

TokenExchangeGrantRequest(ClientRegistration, OAuth2Token, OAuth2Token) - Constructor for class org.springframework.security.oauth2.client.endpoint.TokenExchangeGrantRequest

Constructs a TokenExchangeGrantRequest using the provided parameters.

TokenExchangeGrantRequestEntityConverter - Class in org.springframework.security.oauth2.client.endpoint

Deprecated.

Use DefaultOAuth2TokenRequestParametersConverter instead

TokenExchangeGrantRequestEntityConverter() - Constructor for class org.springframework.security.oauth2.client.endpoint.TokenExchangeGrantRequestEntityConverter

Deprecated.

TokenExchangeOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client

An implementation of an OAuth2AuthorizedClientProvider for the token-exchange grant.

TokenExchangeOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.TokenExchangeOAuth2AuthorizedClientProvider

TokenExchangeReactiveOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client

An implementation of an ReactiveOAuth2AuthorizedClientProvider for the token-exchange grant.

TokenExchangeReactiveOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.TokenExchangeReactiveOAuth2AuthorizedClientProvider

tokenGeneratingUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer

Specifies the URL that a One-Time Token generate request will be processed.

tokenGeneratingUrl(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec

Specifies the URL that a One-Time Token generate request will be processed.

tokenGenerationSuccessHandler(OneTimeTokenGenerationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer

Specifies strategy to be used to handle generated one-time tokens.

tokenGenerationSuccessHandler(ServerOneTimeTokenGenerationSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec

Specifies strategy to be used to handle generated one-time tokens.

tokenRepository(PersistentTokenRepository) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer

Specifies the PersistentTokenRepository to use.

tokenService(OneTimeTokenService) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer

Configures the OneTimeTokenService used to generate and consume OneTimeToken

tokenService(ReactiveOneTimeTokenService) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec

Configures the ReactiveOneTimeTokenService used to generate and consume OneTimeToken

TokenService - Interface in org.springframework.security.core.token

Provides a mechanism to allocate and rebuild secure, randomised tokens.

tokenType(OAuth2AccessToken.TokenType) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse.Builder

Sets the token type.

tokenUri(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder

Sets the uri for the token endpoint.

tokenValiditySeconds(int) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer

Allows specifying how long (in seconds) a token is valid for

tokenValue(String) - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder

Use this token value in the resulting OidcLogoutToken

tokenValue(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder

Use this token value in the resulting OidcIdToken

tokenValue(String) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder

Use this token value in the resulting Jwt

toString() - Method in class org.springframework.security.access.intercept.RunAsUserToken

Deprecated.

toString() - Method in class org.springframework.security.access.SecurityConfig

toString() - Method in class org.springframework.security.access.vote.AbstractAccessDecisionManager

Deprecated.

toString() - Method in class org.springframework.security.acls.domain.AbstractPermission

toString() - Method in class org.springframework.security.acls.domain.AccessControlEntryImpl

toString() - Method in class org.springframework.security.acls.domain.AclImpl

toString() - Method in class org.springframework.security.acls.domain.GrantedAuthoritySid

toString() - Method in class org.springframework.security.acls.domain.ObjectIdentityImpl

toString() - Method in class org.springframework.security.acls.domain.PrincipalSid

toString() - Method in class org.springframework.security.authentication.AbstractAuthenticationToken

toString() - Method in class org.springframework.security.authentication.jaas.JaasGrantedAuthority

toString() - Method in class org.springframework.security.authorization.AuthorityAuthorizationDecision

toString() - Method in class org.springframework.security.authorization.AuthorityAuthorizationManager

toString() - Method in class org.springframework.security.authorization.AuthorizationDecision

toString() - Method in class org.springframework.security.authorization.ExpressionAuthorizationDecision

toString() - Method in class org.springframework.security.authorization.method.ExpressionAttributeAuthorizationDecision

Deprecated.

toString() - Method in class org.springframework.security.authorization.method.MethodExpressionAuthorizationManager

toString() - Method in class org.springframework.security.cas.authentication.CasAuthenticationToken

toString() - Method in class org.springframework.security.concurrent.DelegatingSecurityContextCallable

toString() - Method in class org.springframework.security.concurrent.DelegatingSecurityContextRunnable

toString() - Method in class org.springframework.security.core.authority.SimpleGrantedAuthority

toString() - Method in class org.springframework.security.core.context.SecurityContextHolder

toString() - Method in class org.springframework.security.core.context.SecurityContextImpl

toString() - Method in class org.springframework.security.core.token.DefaultToken

toString() - Method in class org.springframework.security.core.userdetails.User

toString() - Method in enum class org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm

toString() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl

Create a textual representation containing error and warning messages, if any are present.

toString() - Method in class org.springframework.security.ldap.search.FilterBasedLdapUserSearch

toString() - Method in class org.springframework.security.ldap.userdetails.LdapAuthority

toString() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl

toString() - Method in class org.springframework.security.messaging.util.matcher.AbstractMessageMatcherComposite

toString() - Method in class org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher

toString() - Method in class org.springframework.security.messaging.util.matcher.SimpMessageTypeMatcher

toString() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration

toString() - Method in class org.springframework.security.oauth2.core.ClientAuthenticationMethod

toString() - Method in class org.springframework.security.oauth2.core.OAuth2Error

toString() - Method in class org.springframework.security.oauth2.core.user.DefaultOAuth2User

toString() - Method in class org.springframework.security.oauth2.core.user.OAuth2UserAuthority

toString() - Method in class org.springframework.security.saml2.core.Saml2Error

toString() - Method in exception org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException

toString() - Method in class org.springframework.security.util.SimpleMethodInvocation

toString() - Method in class org.springframework.security.web.access.expression.WebExpressionAuthorizationManager

toString() - Method in class org.springframework.security.web.access.intercept.RequestKey

toString() - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails

toString() - Method in class org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy

toString() - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority

toString() - Method in class org.springframework.security.web.authentication.ui.DefaultResourcesFilter

toString() - Method in class org.springframework.security.web.authentication.WebAuthenticationDetails

toString() - Method in class org.springframework.security.web.DefaultSecurityFilterChain

toString() - Method in class org.springframework.security.web.FilterChainProxy

toString() - Method in class org.springframework.security.web.FilterInvocation

toString() - Method in class org.springframework.security.web.firewall.FirewalledRequest

toString() - Method in class org.springframework.security.web.header.Header

toString() - Method in class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter

toString() - Method in class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter

toString() - Method in class org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter

toString() - Method in class org.springframework.security.web.header.writers.FeaturePolicyHeaderWriter

toString() - Method in class org.springframework.security.web.header.writers.PermissionsPolicyHeaderWriter

toString() - Method in class org.springframework.security.web.header.writers.StaticHeadersWriter

toString() - Method in enum class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue

toString() - Method in class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter

toString() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest

toString() - Method in enum class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter.HeaderValue

toString() - Method in class org.springframework.security.web.server.ui.DefaultResourcesWebFilter

toString() - Method in class org.springframework.security.web.server.util.matcher.AndServerWebExchangeMatcher

toString() - Method in class org.springframework.security.web.server.util.matcher.IpAddressServerWebExchangeMatcher

toString() - Method in class org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher

toString() - Method in class org.springframework.security.web.server.util.matcher.NegatedServerWebExchangeMatcher

toString() - Method in class org.springframework.security.web.server.util.matcher.OrServerWebExchangeMatcher

toString() - Method in class org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher

toString() - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher

toString() - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper

toString() - Method in class org.springframework.security.web.util.matcher.AndRequestMatcher

toString() - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher

toString() - Method in class org.springframework.security.web.util.matcher.AnyRequestMatcher

toString() - Method in class org.springframework.security.web.util.matcher.DispatcherTypeRequestMatcher

toString() - Method in class org.springframework.security.web.util.matcher.ELRequestMatcher

toString() - Method in class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher

toString() - Method in class org.springframework.security.web.util.matcher.NegatedRequestMatcher

toString() - Method in class org.springframework.security.web.util.matcher.OrRequestMatcher

toString() - Method in class org.springframework.security.web.util.matcher.RegexRequestMatcher

toString() - Method in class org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher

toString() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAttachment

toString() - Method in class org.springframework.security.web.webauthn.api.Bytes

toString() - Method in class org.springframework.security.web.webauthn.api.COSEAlgorithmIdentifier

transform(HttpServletRequest) - Method in interface org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator.HttpServletRequestTransformer

Return the HttpServletRequest that is passed into the AuthorizationManager

transform(HttpServletRequest) - Method in class org.springframework.security.web.access.HandlerMappingIntrospectorRequestTransformer

Transient - Annotation Interface in org.springframework.security.core

A marker for Authentications that should never be stored across requests, for example a bearer token authentication

TransientSecurityContext - Class in org.springframework.security.core.context

A SecurityContext that is annotated with @Transient and thus should never be stored across requests.

TransientSecurityContext() - Constructor for class org.springframework.security.core.context.TransientSecurityContext

TransientSecurityContext(Authentication) - Constructor for class org.springframework.security.core.context.TransientSecurityContext

transports(List<AuthenticatorTransport>) - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAttestationResponse.AuthenticatorAttestationResponseBuilder

Sets the AuthenticatorAttestationResponse.getTransports() property.

transports(Set<AuthenticatorTransport>) - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord.ImmutableCredentialRecordBuilder

transports(Set<AuthenticatorTransport>) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialDescriptor.PublicKeyCredentialDescriptorBuilder

Sets the PublicKeyCredentialDescriptor.getTransports() property.

transports(AuthenticatorTransport...) - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAttestationResponse.AuthenticatorAttestationResponseBuilder

Sets the AuthenticatorAttestationResponse.getTransports() property.

transports(AuthenticatorTransport...) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialDescriptor.PublicKeyCredentialDescriptorBuilder

Sets the PublicKeyCredentialDescriptor.getTransports() property.

TWO_WEEKS_S - Static variable in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

TYP - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames

typ - the type header is used by JWS/JWE applications to declare the media type of a JWS/JWE

type(String) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder

Sets the type header that declares the media type of the JWS/JWE.

type(PublicKeyCredentialType) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredential.PublicKeyCredentialBuilder

Sets the PublicKeyCredential.getType() property.

type(PublicKeyCredentialType) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialDescriptor.PublicKeyCredentialDescriptorBuilder

Sets the PublicKeyCredentialDescriptor.getType() property.

U

UnanimousBased - Class in org.springframework.security.access.vote

Deprecated.

Use AuthorizationManager instead

UnanimousBased(List<AccessDecisionVoter<?>>) - Constructor for class org.springframework.security.access.vote.UnanimousBased

Deprecated.

unauthenticated() - Static method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers

ResultMatcher that verifies that no user is authenticated.

unauthenticated(Object, Object) - Static method in class org.springframework.security.authentication.UsernamePasswordAuthenticationToken

This factory method can be safely used by any code that wishes to create a unauthenticated UsernamePasswordAuthenticationToken.

unauthenticated(Object, String) - Static method in class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken

Creates an unauthenticated token

unauthenticated(String) - Static method in class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken

Creates an unauthenticated token

UNAUTHORIZED_CLIENT - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes

unauthorized_client - The client is not authorized to request an authorization code or access token using this method.

UnboundIdContainer - Class in org.springframework.security.ldap.server

UnboundIdContainer(String, String) - Constructor for class org.springframework.security.ldap.server.UnboundIdContainer

UNKNOWN_RESPONSE_CLASS - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes

SAML Data does not represent a SAML 2 Response object.

UNLIMITED - Static variable in interface org.springframework.security.web.server.authentication.SessionLimit

Represents unlimited sessions.

UnloadedSidException - Exception in org.springframework.security.acls.model

Thrown if an Acl cannot perform an operation because it only loaded a subset of Sids and the caller has requested details for an unloaded Sid .

UnloadedSidException(String) - Constructor for exception org.springframework.security.acls.model.UnloadedSidException

Constructs an NotFoundException with the specified message.

UnloadedSidException(String, Throwable) - Constructor for exception org.springframework.security.acls.model.UnloadedSidException

Constructs an NotFoundException with the specified message and root cause.

UNSAFE_NONE - Enum constant in enum class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy

UNSAFE_NONE - Enum constant in enum class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy

UNSAFE_NONE - Enum constant in enum class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy

UNSAFE_NONE - Enum constant in enum class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy

UNSAFE_URL - Enum constant in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy

UNSAFE_URL - Enum constant in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy

unsuccessfulAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

Default behaviour for unsuccessful authentication.

unsuccessfulAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter

Ensures the authentication object in the secure context is set to null when authentication fails.

UNSUPPORTED_GRANT_TYPE - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes

unsupported_grant_type - The authorization grant type is not supported by the authorization server.

UNSUPPORTED_RESPONSE_TYPE - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes

unsupported_response_type - The authorization server does not support obtaining an authorization code or access token using this method.

UNSUPPORTED_TOKEN_TYPE - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes

unsupported_token_type - The authorization server does not support the revocation of the presented token type.

updateAccessDefaults(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Updates the default values for access.

updateAce(int, Permission) - Method in class org.springframework.security.acls.domain.AclImpl

updateAce(int, Permission) - Method in interface org.springframework.security.acls.model.MutableAcl

updateAcl(MutableAcl) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService

This implementation will simply delete all ACEs in the database and recreate them on each invocation of this method.

updateAcl(MutableAcl) - Method in interface org.springframework.security.acls.model.MutableAclService

Changes an existing Acl in the database.

updateAuditing(int, boolean, boolean) - Method in class org.springframework.security.acls.domain.AclImpl

updateAuditing(int, boolean, boolean) - Method in interface org.springframework.security.acls.model.AuditableAcl

updateAuthenticationDefaults() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Updates the default values for authentication.

UPDATED_AT - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames

updated_at - the time the user's information was last updated

updatedAt(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder

Use this updated-at Instant in the resulting OidcUserInfo

updateLastAccessTime(String) - Method in class org.springframework.security.core.session.InMemoryReactiveSessionRegistry

updateLastAccessTime(String) - Method in interface org.springframework.security.core.session.ReactiveSessionRegistry

Updates the last accessed time of the ReactiveSessionInformation

updateObjectIdentity(MutableAcl) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService

Updates an existing acl_object_identity row, with new information presented in the passed MutableAcl object.

updatePassword(UserDetails, String) - Method in class org.springframework.security.core.userdetails.MapReactiveUserDetailsService

updatePassword(UserDetails, String) - Method in interface org.springframework.security.core.userdetails.ReactiveUserDetailsPasswordService

Modify the specified user's password.

updatePassword(UserDetails, String) - Method in interface org.springframework.security.core.userdetails.UserDetailsPasswordService

Modify the specified user's password.

updatePassword(UserDetails, String) - Method in class org.springframework.security.provisioning.InMemoryUserDetailsManager

updateToken(String, String, Date) - Method in class org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl

updateToken(String, String, Date) - Method in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl

updateToken(String, String, Date) - Method in interface org.springframework.security.web.authentication.rememberme.PersistentTokenRepository

updateUser(UserDetails) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager

updateUser(UserDetails) - Method in class org.springframework.security.provisioning.InMemoryUserDetailsManager

updateUser(UserDetails) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

updateUser(UserDetails) - Method in interface org.springframework.security.provisioning.UserDetailsManager

Update the specified user.

upgradeEncoding(String) - Method in class org.springframework.security.crypto.argon2.Argon2PasswordEncoder

upgradeEncoding(String) - Method in class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder

upgradeEncoding(String) - Method in class org.springframework.security.crypto.password.DelegatingPasswordEncoder

upgradeEncoding(String) - Method in interface org.springframework.security.crypto.password.PasswordEncoder

Returns true if the encoded password should be encoded again for better security, else false.

upgradeEncoding(String) - Method in class org.springframework.security.crypto.scrypt.SCryptPasswordEncoder

uriResolver(HttpServletRequest) - Static method in class org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers

Create a resolver based on the given HttpServletRequest.

uriResolver(HttpServletRequest, RelyingPartyRegistration) - Static method in class org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers

Create a resolver based on the given HttpServletRequest.

url(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder

Specifies the ldap server URL when not using the embedded LDAP server.

URL_SAFE - Static variable in class org.springframework.security.crypto.codec.Base64

Deprecated.

Encode using Base64-like encoding that is URL- and Filename-safe as described in Section 4 of RFC3548: https://tools.ietf.org/html/rfc3548.

UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Deprecated.

Use AuthorizeHttpRequestsConfigurer instead

UrlAuthorizationConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer

Deprecated.

UrlAuthorizationConfigurer.AuthorizedUrl - Class in org.springframework.security.config.annotation.web.configurers

Deprecated.

Maps the specified RequestMatcher instances to ConfigAttribute instances.

UrlAuthorizationConfigurer.StandardInterceptUrlRegistry - Class in org.springframework.security.config.annotation.web.configurers

Deprecated.

UrlUtils - Class in org.springframework.security.web.util

Provides static methods for composing URLs.

USB - Static variable in class org.springframework.security.web.webauthn.api.AuthenticatorTransport

usbc indicates the respective authenticator can be contacted over removable USB.

useAuthorizationManager() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity

Indicate whether ReactiveAuthorizationManager based Method Security to be used.

useInvalidToken() - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor

Populates an invalid token value on the request.

user(String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder

The value of the username parameter.

user(String) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors

Establish a SecurityContext that has a UsernamePasswordAuthenticationToken for the Authentication.getPrincipal() and a User for the UsernamePasswordAuthenticationToken.getPrincipal().

user(String, String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder

Specify both the password parameter name and the password.

user(UserDetails) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors

Establish a SecurityContext that has a UsernamePasswordAuthenticationToken for the Authentication.getPrincipal() and a custom UserDetails for the UsernamePasswordAuthenticationToken.getPrincipal().

user(PublicKeyCredentialUserEntity) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder

Sets the PublicKeyCredentialCreationOptions.getUser() property.

User - Class in org.springframework.security.core.userdetails

Models core user information retrieved by a UserDetailsService.

User(String, String, boolean, boolean, boolean, boolean, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.core.userdetails.User

Construct the User with the details required by DaoAuthenticationProvider.

User(String, String, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.core.userdetails.User

Calls the more complex constructor with all boolean arguments set to true.

USER_CODE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

user_code - used in Device Authorization Response.

USER_DETAILS_SERVICE - Static variable in class org.springframework.security.config.BeanIds

USER_DETAILS_SERVICE_FACTORY - Static variable in class org.springframework.security.config.BeanIds

USER_SERVICE - Static variable in class org.springframework.security.config.Elements

USER_VERIFICATION_OPTIONAL - Enum constant in enum class org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput.CredProtect.ProtectionPolicy

USER_VERIFICATION_OPTIONAL_WITH_CREDENTIAL_ID_LIST - Enum constant in enum class org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput.CredProtect.ProtectionPolicy

USER_VERIFICATION_REQUIRED - Enum constant in enum class org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput.CredProtect.ProtectionPolicy

User.UserBuilder - Class in org.springframework.security.core.userdetails

Builds the user to be added.

UserAttribute - Class in org.springframework.security.core.userdetails.memory

Used by InMemoryUserDetailsManager to temporarily store the attributes associated with a user.

UserAttribute() - Constructor for class org.springframework.security.core.userdetails.memory.UserAttribute

UserAttributeEditor - Class in org.springframework.security.core.userdetails.memory

Property editor that creates a UserAttribute from a comma separated list of values.

UserAttributeEditor() - Constructor for class org.springframework.security.core.userdetails.memory.UserAttributeEditor

userAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig

Sets the GrantedAuthoritiesMapper used for mapping OAuth2AuthenticatedPrincipal.getAuthorities().

userCache(UserCache) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer

Defines the UserCache to use

UserCache - Interface in org.springframework.security.core.userdetails

Provides a cache of UserDetails objects.

UserCredentialRepository - Interface in org.springframework.security.web.webauthn.management

A repository for managing CredentialRecords associated to a user.

UserDetails - Interface in org.springframework.security.core.userdetails

Provides core user information.

UserDetailsAwareConfigurer<B extends ProviderManagerBuilder<B>,U extends UserDetailsService> - Class in org.springframework.security.config.annotation.authentication.configurers.userdetails

Base class that allows access to the UserDetailsService for using as a default value with AuthenticationManagerBuilder.

UserDetailsAwareConfigurer() - Constructor for class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsAwareConfigurer

UserDetailsByNameServiceWrapper<T extends Authentication> - Class in org.springframework.security.core.userdetails

This implementation for AuthenticationUserDetailsService wraps a regular Spring Security UserDetailsService implementation, to retrieve a UserDetails object based on the user name contained in an Authentication object.

UserDetailsByNameServiceWrapper() - Constructor for class org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper

Constructs an empty wrapper for compatibility with Spring Security 2.0.x's method of using a setter.

UserDetailsByNameServiceWrapper(UserDetailsService) - Constructor for class org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper

Constructs a new wrapper using the supplied UserDetailsService as the service to delegate to.

UserDetailsChecker - Interface in org.springframework.security.core.userdetails

Called by classes which make use of a UserDetailsService to check the status of the loaded UserDetails object.

userDetailsContextMapper - Variable in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider

userDetailsContextMapper(UserDetailsContextMapper) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

Allows explicit customization of the loaded user object by specifying a UserDetailsContextMapper bean which will be called with the context information from the user's directory entry.

UserDetailsContextMapper - Interface in org.springframework.security.ldap.userdetails

Operations to map a UserDetails object to and from a Spring LDAP DirContextOperations implementation.

UserDetailsManager - Interface in org.springframework.security.provisioning

An extension of the UserDetailsService which provides the ability to create new users and update existing ones.

UserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>,C extends UserDetailsManagerConfigurer<B,C>> - Class in org.springframework.security.config.annotation.authentication.configurers.provisioning

Base class for populating an AuthenticationManagerBuilder with a UserDetailsManager.

UserDetailsManagerConfigurer(UserDetailsManager) - Constructor for class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer

UserDetailsManagerConfigurer.UserDetailsBuilder - Class in org.springframework.security.config.annotation.authentication.configurers.provisioning

Builds the user to be added.

UserDetailsManagerResourceFactoryBean - Class in org.springframework.security.config.provisioning

Constructs an InMemoryUserDetailsManager from a resource using UserDetailsResourceFactoryBean.

UserDetailsManagerResourceFactoryBean() - Constructor for class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean

UserDetailsMapFactoryBean - Class in org.springframework.security.config.core.userdetails

Creates a Collection<UserDetails> from a @{code Map} in the format of

UserDetailsMapFactoryBean(Map<String, String>) - Constructor for class org.springframework.security.config.core.userdetails.UserDetailsMapFactoryBean

userDetailsPasswordManager(UserDetailsPasswordService) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer

UserDetailsPasswordService - Interface in org.springframework.security.core.userdetails

An API for changing a UserDetails password.

UserDetailsRepositoryReactiveAuthenticationManager - Class in org.springframework.security.authentication

A ReactiveAuthenticationManager that uses a ReactiveUserDetailsService to validate the provided username and password.

UserDetailsRepositoryReactiveAuthenticationManager(ReactiveUserDetailsService) - Constructor for class org.springframework.security.authentication.UserDetailsRepositoryReactiveAuthenticationManager

UserDetailsResourceFactoryBean - Class in org.springframework.security.config.core.userdetails

Parses a Resource that is a Properties file in the format of: username=password[,enabled|disabled],roles...

UserDetailsResourceFactoryBean() - Constructor for class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean

userDetailsService(UserDetailsService) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

userDetailsService(UserDetailsService) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer

Specifies the UserDetailsService used to look up the UserDetails when a remember me token is valid.

userDetailsService(UserDetailsService) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer

Shortcut for invoking X509Configurer.authenticationUserDetailsService(AuthenticationUserDetailsService) with a UserDetailsByNameServiceWrapper.

userDetailsService(UserDetailsService) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder

Allows adding an additional UserDetailsService to be used

userDetailsService(T) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder

Add authentication based upon the custom UserDetailsService that is passed in.

UserDetailsService - Interface in org.springframework.security.core.userdetails

Core interface which loads user-specific data.

userDetailsServiceBeanName() - Element in annotation interface org.springframework.security.test.context.support.WithUserDetails

The bean name for the UserDetailsService to use.

UserDetailsServiceConfigurer<B extends ProviderManagerBuilder<B>,C extends UserDetailsServiceConfigurer<B,C,U>,U extends UserDetailsService> - Class in org.springframework.security.config.annotation.authentication.configurers.userdetails

Allows configuring a UserDetailsService within a AuthenticationManagerBuilder.

UserDetailsServiceConfigurer(U) - Constructor for class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsServiceConfigurer

Creates a new instance

UserDetailsServiceFactoryBean - Class in org.springframework.security.config.http

Bean used to lookup a named UserDetailsService or AuthenticationUserDetailsService.

UserDetailsServiceFactoryBean() - Constructor for class org.springframework.security.config.http.UserDetailsServiceFactoryBean

UserDetailsServiceLdapAuthoritiesPopulator - Class in org.springframework.security.ldap.authentication

Simple LdapAuthoritiesPopulator which delegates to a UserDetailsService, using the name which was supplied at login as the username.

UserDetailsServiceLdapAuthoritiesPopulator(UserDetailsService) - Constructor for class org.springframework.security.ldap.authentication.UserDetailsServiceLdapAuthoritiesPopulator

userDnPatterns(String...) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

If your users are at a fixed location in the directory (i.e.

userEntityUserId(Bytes) - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord.ImmutableCredentialRecordBuilder

userExists(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager

userExists(String) - Method in class org.springframework.security.provisioning.InMemoryUserDetailsManager

userExists(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager

userExists(String) - Method in interface org.springframework.security.provisioning.UserDetailsManager

Check if a user with the supplied login name exists in the system.

userHandle(Bytes) - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse.AuthenticatorAssertionResponseBuilder

Set the AuthenticatorAssertionResponse.getUserHandle() property

userInfoAuthenticationMethod(AuthenticationMethod) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder

Sets the authentication method for the user info endpoint.

userInfoEndpoint() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use OAuth2LoginConfigurer.userInfoEndpoint(Customizer) or userInfoEndpoint(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

userInfoEndpoint(Customizer<OAuth2LoginConfigurer.UserInfoEndpointConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

Configures the Authorization Server's UserInfo Endpoint.

userInfoToken(Consumer<OidcUserInfo.Builder>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator

Use the provided OidcUserInfo when constructing the authenticated user

userInfoToken(Consumer<OidcUserInfo.Builder>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor

Use the provided OidcUserInfo when constructing the authenticated user

userInfoUri(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder

Sets the uri for the user info endpoint.

username() - Element in annotation interface org.springframework.security.test.context.support.WithMockUser

The username to be used.

username(String) - Method in class org.springframework.security.core.userdetails.User.UserBuilder

Populates the username.

USERNAME - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

username - used in Access Token Request.

USERNAME - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames

username - A human-readable identifier for the resource owner that authorized the token

USERNAME_ATTRIBUTE_NAME - Static variable in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext

The name of the attribute in the context associated to the value for the resource owner's username.

USERNAME_NOT_FOUND - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes

The subject did not contain a user identifier The assertion contained a subject element, but the subject element did not have a NameID or EncryptedID element https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=18

userNameAttributeName(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder

Sets the attribute name used to access the user's name from the user info response.

UsernameNotFoundException - Exception in org.springframework.security.core.userdetails

Thrown if an UserDetailsService implementation cannot locate a User by its username.

UsernameNotFoundException(String) - Constructor for exception org.springframework.security.core.userdetails.UsernameNotFoundException

Constructs a UsernameNotFoundException with the specified message.

UsernameNotFoundException(String, Throwable) - Constructor for exception org.springframework.security.core.userdetails.UsernameNotFoundException

Constructs a UsernameNotFoundException with the specified message and root cause.

usernameParameter(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer

The HTTP parameter to look for the username when performing authentication.

UsernamePasswordAuthenticationFilter - Class in org.springframework.security.web.authentication

Processes an authentication form submission.

UsernamePasswordAuthenticationFilter() - Constructor for class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

UsernamePasswordAuthenticationFilter(AuthenticationManager) - Constructor for class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

UsernamePasswordAuthenticationToken - Class in org.springframework.security.authentication

An Authentication implementation that is designed for simple presentation of a username and password.

UsernamePasswordAuthenticationToken(Object, Object) - Constructor for class org.springframework.security.authentication.UsernamePasswordAuthenticationToken

This constructor can be safely used by any code that wishes to create a UsernamePasswordAuthenticationToken, as the AbstractAuthenticationToken.isAuthenticated() will return false.

UsernamePasswordAuthenticationToken(Object, Object, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.authentication.UsernamePasswordAuthenticationToken

This constructor should only be used by AuthenticationManager or AuthenticationProvider implementations that are satisfied with producing a trusted (i.e.

UsernamePasswordMetadata - Class in org.springframework.security.rsocket.metadata

Represents a username and password that have been encoded into a Payload.metadata().

UsernamePasswordMetadata(String, String) - Constructor for class org.springframework.security.rsocket.metadata.UsernamePasswordMetadata

userParameter(String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder

The HTTP parameter to place the username.

usersByUsernameQuery(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer

Sets the query to be used for finding a user by their username.

userSearchBase(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

Search base for user searches.

userSearchFilter(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

The LDAP filter used to search for users (optional).

userService(OAuth2UserService<OAuth2UserRequest, OAuth2User>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig

Sets the OAuth 2.0 service used for obtaining the user attributes of the End-User from the UserInfo Endpoint.

UserServiceBeanDefinitionParser - Class in org.springframework.security.config.authentication

UserServiceBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.UserServiceBeanDefinitionParser

userVerification(UserVerificationRequirement) - Method in class org.springframework.security.web.webauthn.api.AuthenticatorSelectionCriteria.AuthenticatorSelectionCriteriaBuilder

Sets the AuthenticatorSelectionCriteria.getUserVerification() property.

userVerification(UserVerificationRequirement) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions.PublicKeyCredentialRequestOptionsBuilder

Sets the PublicKeyCredentialRequestOptions.getUserVerification() property.

UserVerificationRequirement - Class in org.springframework.security.web.webauthn.api

UserVerificationRequirement is used by the Relying Party to indicate if user verification is needed.

useSecureCookie(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer

Whether the cookie should be flagged as secure or not.

Utf8 - Class in org.springframework.security.crypto.codec

UTF-8 Charset encoder/decoder.

uvInitialized(boolean) - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord.ImmutableCredentialRecordBuilder

V

validate(Jwt) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenValidator

validate(Jwt) - Method in class org.springframework.security.oauth2.jwt.JwtClaimValidator

validate(Jwt) - Method in class org.springframework.security.oauth2.jwt.JwtIssuerValidator

validate(Jwt) - Method in class org.springframework.security.oauth2.jwt.JwtTimestampValidator

validate(Saml2LogoutRequestValidatorParameters) - Method in interface org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidator

Authenticates the SAML 2.0 Logout Request received from the SAML 2.0 Asserting Party.

validate(Saml2LogoutResponseValidatorParameters) - Method in interface org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponseValidator

Authenticates the SAML 2.0 Logout Response received from the SAML 2.0 Asserting Party.

validate(FilterChainProxy) - Method in class org.springframework.security.config.http.DefaultFilterChainValidator

validate(FilterChainProxy) - Method in interface org.springframework.security.web.FilterChainProxy.FilterChainValidator

validate(T) - Method in class org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator

validate(T) - Method in interface org.springframework.security.oauth2.core.OAuth2TokenValidator

Verify the validity and/or constraints of the provided OAuth 2.0 Token.

value() - Element in annotation interface org.springframework.security.access.annotation.Secured

Returns the list of security configuration attributes (e.g. ROLE_USER, ROLE_ADMIN).

value() - Element in annotation interface org.springframework.security.access.method.P

Deprecated.

The parameter name

value() - Element in annotation interface org.springframework.security.access.prepost.PostAuthorize

value() - Element in annotation interface org.springframework.security.access.prepost.PostFilter

value() - Element in annotation interface org.springframework.security.access.prepost.PreAuthorize

value() - Element in annotation interface org.springframework.security.access.prepost.PreFilter

value() - Element in annotation interface org.springframework.security.core.parameters.P

The parameter name

value() - Element in annotation interface org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient

The default attribute for this annotation.

value() - Element in annotation interface org.springframework.security.test.context.support.WithMockUser

Convenience mechanism for specifying the username.

value() - Element in annotation interface org.springframework.security.test.context.support.WithUserDetails

The username to look up in the UserDetailsService

valueOf(String) - Static method in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in enum class org.springframework.security.config.http.MatcherType

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in enum class org.springframework.security.config.http.SessionCreationPolicy

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in enum class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder.BCryptVersion

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in enum class org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in enum class org.springframework.security.crypto.encrypt.RsaAlgorithm

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in enum class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in enum class org.springframework.security.oauth2.jose.jws.MacAlgorithm

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in enum class org.springframework.security.rsocket.api.PayloadExchangeType

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in enum class org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in enum class org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in enum class org.springframework.security.test.context.support.TestExecutionEvent

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in enum class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices.RememberMeTokenAlgorithm

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in enum class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in enum class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in enum class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in enum class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in enum class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in enum class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in enum class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in enum class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in enum class org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter.Mode

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in enum class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter.HeaderValue

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in class org.springframework.security.web.webauthn.api.AttestationConveyancePreference

Gets an instance of AttestationConveyancePreference

valueOf(String) - Static method in class org.springframework.security.web.webauthn.api.AuthenticatorAttachment

Gets an instance of AuthenticatorAttachment based upon the value passed in.

valueOf(String) - Static method in class org.springframework.security.web.webauthn.api.AuthenticatorTransport

Gets an instance of AuthenticatorTransport.

valueOf(String) - Static method in enum class org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput.CredProtect.ProtectionPolicy

Returns the enum constant of this class with the specified name.

valueOf(String) - Static method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialType

valueOf(String) - Static method in class org.springframework.security.web.webauthn.api.ResidentKeyRequirement

values() - Static method in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in enum class org.springframework.security.config.http.MatcherType

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in enum class org.springframework.security.config.http.SessionCreationPolicy

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in enum class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder.BCryptVersion

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in enum class org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in enum class org.springframework.security.crypto.encrypt.RsaAlgorithm

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in enum class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in enum class org.springframework.security.oauth2.jose.jws.MacAlgorithm

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in enum class org.springframework.security.rsocket.api.PayloadExchangeType

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in enum class org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in enum class org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in enum class org.springframework.security.test.context.support.TestExecutionEvent

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in enum class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices.RememberMeTokenAlgorithm

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in enum class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in enum class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in enum class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in enum class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in enum class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in enum class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in enum class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in enum class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in enum class org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter.Mode

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in enum class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter.HeaderValue

Returns an array containing the constants of this enum class, in the order they are declared.

values() - Static method in class org.springframework.security.web.webauthn.api.AuthenticatorAttachment

values() - Static method in class org.springframework.security.web.webauthn.api.AuthenticatorTransport

values() - Static method in class org.springframework.security.web.webauthn.api.COSEAlgorithmIdentifier

values() - Static method in enum class org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput.CredProtect.ProtectionPolicy

Returns an array containing the constants of this enum class, in the order they are declared.

verification(X509Certificate) - Static method in class org.springframework.security.saml2.core.Saml2X509Credential

Create a Saml2X509Credential that can be used for verification.

VERIFICATION - Enum constant in enum class org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType

VERIFICATION_URI - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

verification_uri - used in Device Authorization Response.

VERIFICATION_URI_COMPLETE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames

verification_uri_complete - used in Device Authorization Response.

verificationUri(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse.Builder

Sets the end-user verification URI.

verificationUriComplete(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse.Builder

Sets the end-user verification URI that includes the user code.

verificationX509Credentials(Consumer<Collection<Saml2X509Credential>>) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder

Apply this Consumer to the list of Saml2X509Credentials

verificationX509Credentials(Consumer<Collection<Saml2X509Credential>>) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder

Apply this Consumer to the list of Saml2X509Credentials

verificationX509Credentials(Consumer<Collection<Saml2X509Credential>>) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder

Apply this Consumer to the list of Saml2X509Credentials

verify(Supplier<Authentication>, T) - Method in interface org.springframework.security.authorization.AuthorizationManager

Determines if access should be granted for a specific authentication and object.

verify(Mono<Authentication>, T) - Method in interface org.springframework.security.authorization.ReactiveAuthorizationManager

Determines if access should be granted for a specific authentication and object

verifyThrowableHierarchy(Throwable, Class<? extends Throwable>) - Static method in class org.springframework.security.web.util.ThrowableAnalyzer

Verifies that the provided throwable is a valid subclass of the provided type (or of the type itself).

verifyToken(String) - Method in class org.springframework.security.core.token.KeyBasedPersistenceTokenService

verifyToken(String) - Method in interface org.springframework.security.core.token.TokenService

Permits verification the Token.getKey() was issued by this TokenService and reconstructs the corresponding Token.

VirtualFilterChainDecorator() - Constructor for class org.springframework.security.web.FilterChainProxy.VirtualFilterChainDecorator

visit(AuthorizationAdvisorProxyFactory, Object) - Method in interface org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory.TargetVisitor

Visit and possibly proxy this object.

vote(Authentication, Object, Collection<ConfigAttribute>) - Method in class org.springframework.security.access.annotation.Jsr250Voter

Deprecated.

Votes according to JSR 250.

vote(Authentication, Object, Collection<ConfigAttribute>) - Method in class org.springframework.security.access.vote.AuthenticatedVoter

Deprecated.

vote(Authentication, Object, Collection<ConfigAttribute>) - Method in class org.springframework.security.access.vote.RoleVoter

Deprecated.

vote(Authentication, MethodInvocation, Collection<ConfigAttribute>) - Method in class org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter

Deprecated.

vote(Authentication, MethodInvocation, Collection<ConfigAttribute>) - Method in class org.springframework.security.acls.AclEntryVoter

vote(Authentication, Message<T>, Collection<ConfigAttribute>) - Method in class org.springframework.security.messaging.access.expression.MessageExpressionVoter

Deprecated.

vote(Authentication, FilterInvocation, Collection<ConfigAttribute>) - Method in class org.springframework.security.web.access.expression.WebExpressionVoter

Deprecated.

vote(Authentication, S, Collection<ConfigAttribute>) - Method in interface org.springframework.security.access.AccessDecisionVoter

Deprecated.

Indicates whether or not access is granted.

W

wantAuthnRequestsSigned(boolean) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder

Set the WantAuthnRequestsSigned setting, indicating the asserting party's preference that relying parties should sign the AuthnRequest before sending.

wantAuthnRequestsSigned(boolean) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder

Set the WantAuthnRequestsSigned setting, indicating the asserting party's preference that relying parties should sign the AuthnRequest before sending.

wantAuthnRequestsSigned(boolean) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder

Set the WantAuthnRequestsSigned setting, indicating the asserting party's preference that relying parties should sign the AuthnRequest before sending.

WEB_INVOCATION_PRIVILEGE_EVALUATOR_ATTRIBUTE - Static variable in class org.springframework.security.web.WebAttributes

Set as a request attribute to override the default WebInvocationPrivilegeEvaluator

WebAsyncManagerIntegrationFilter - Class in org.springframework.security.web.context.request.async

Provides integration between the SecurityContext and Spring Web's WebAsyncManager by using the SecurityContextCallableProcessingInterceptor.beforeConcurrentHandling(org.springframework.web.context.request.NativeWebRequest, Callable) to populate the SecurityContext on the Callable.

WebAsyncManagerIntegrationFilter() - Constructor for class org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter

WebAttributes - Class in org.springframework.security.web

Well-known keys which are used to store Spring Security information in request or session scope.

WebAuthenticationDetails - Class in org.springframework.security.web.authentication

A holder of selected HTTP details related to a web authentication request.

WebAuthenticationDetails(HttpServletRequest) - Constructor for class org.springframework.security.web.authentication.WebAuthenticationDetails

Records the remote address and will also set the session Id if a session already exists (it won't create one).

WebAuthenticationDetails(String, String) - Constructor for class org.springframework.security.web.authentication.WebAuthenticationDetails

Constructor to add Jackson2 serialize/deserialize support

WebAuthenticationDetailsSource - Class in org.springframework.security.web.authentication

Implementation of AuthenticationDetailsSource which builds the details object from an HttpServletRequest object, creating a WebAuthenticationDetails .

WebAuthenticationDetailsSource() - Constructor for class org.springframework.security.web.authentication.WebAuthenticationDetailsSource

webauthn() - Static method in class org.springframework.security.web.authentication.ui.DefaultResourcesFilter

Create an instance of DefaultResourcesFilter serving Spring Security's default webauthn javascript.

webAuthn(Customizer<WebAuthnConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Specifies webAuthn/passkeys based authentication.

Webauthn4JRelyingPartyOperations - Class in org.springframework.security.web.webauthn.management

A WebAuthn4j implementation of WebAuthnRelyingPartyOperations.

Webauthn4JRelyingPartyOperations(PublicKeyCredentialUserEntityRepository, UserCredentialRepository, PublicKeyCredentialRpEntity, Set<String>) - Constructor for class org.springframework.security.web.webauthn.management.Webauthn4JRelyingPartyOperations

Creates a new instance.

WebAuthnAuthentication - Class in org.springframework.security.web.webauthn.authentication

A WebAuthnAuthentication is used to represent successful authentication with WebAuthn.

WebAuthnAuthentication(PublicKeyCredentialUserEntity, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.web.webauthn.authentication.WebAuthnAuthentication

WebAuthnAuthenticationFilter - Class in org.springframework.security.web.webauthn.authentication

Authenticates PublicKeyCredential<AuthenticatorAssertionResponse> that is parsed from the body of the HttpServletRequest using the WebAuthnAuthenticationFilter.setConverter(GenericHttpMessageConverter).

WebAuthnAuthenticationFilter() - Constructor for class org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationFilter

WebAuthnAuthenticationProvider - Class in org.springframework.security.web.webauthn.authentication

An AuthenticationProvider that uses WebAuthnRelyingPartyOperations for authentication using an WebAuthnAuthenticationRequestToken.

WebAuthnAuthenticationProvider(WebAuthnRelyingPartyOperations, UserDetailsService) - Constructor for class org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationProvider

Creates a new instance.

WebAuthnAuthenticationRequestToken - Class in org.springframework.security.web.webauthn.authentication

An Authentication used in WebAuthnAuthenticationProvider for authenticating via WebAuthn.

WebAuthnAuthenticationRequestToken(RelyingPartyAuthenticationRequest) - Constructor for class org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationRequestToken

Creates a new instance.

WebAuthnConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Configures WebAuthn for Spring Security applications

WebAuthnConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.WebAuthnConfigurer

WebauthnJackson2Module - Class in org.springframework.security.web.webauthn.jackson

Adds Jackson support for Spring Security WebAuthn.

WebauthnJackson2Module() - Constructor for class org.springframework.security.web.webauthn.jackson.WebauthnJackson2Module

Creates a new instance.

WebAuthnRegistrationFilter - Class in org.springframework.security.web.webauthn.registration

Authenticates PublicKeyCredential<AuthenticatorAssertionResponse> that is parsed from the body of the HttpServletRequest using the WebAuthnRegistrationFilter.setConverter(HttpMessageConverter).

WebAuthnRegistrationFilter(UserCredentialRepository, WebAuthnRelyingPartyOperations) - Constructor for class org.springframework.security.web.webauthn.registration.WebAuthnRegistrationFilter

WebAuthnRegistrationFilter.SuccessfulUserRegistrationResponse - Class in org.springframework.security.web.webauthn.registration

WebAuthnRelyingPartyOperations - Interface in org.springframework.security.web.webauthn.management

An API for WebAuthn Relying Party Operations

webClient(WebClient) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder

Use the given WebClient to coordinate with the authorization servers indicated in the JWK Set uri as well as the Issuer.

WebClientReactiveAuthorizationCodeTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint

An implementation of a ReactiveOAuth2AccessTokenResponseClient that "exchanges" an authorization code credential for an access token credential at the Authorization Server's Token Endpoint.

WebClientReactiveAuthorizationCodeTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.WebClientReactiveAuthorizationCodeTokenResponseClient

WebClientReactiveClientCredentialsTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint

An implementation of a ReactiveOAuth2AccessTokenResponseClient that "exchanges" a client credential for an access token credential at the Authorization Server's Token Endpoint.

WebClientReactiveClientCredentialsTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.WebClientReactiveClientCredentialsTokenResponseClient

WebClientReactiveJwtBearerTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint

The default implementation of an ReactiveOAuth2AccessTokenResponseClient for the jwt-bearer grant.

WebClientReactiveJwtBearerTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.WebClientReactiveJwtBearerTokenResponseClient

WebClientReactivePasswordTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint

Deprecated.

The latest OAuth 2.0 Security Best Current Practice disallows the use of the Resource Owner Password Credentials grant. See reference OAuth 2.0 Security Best Current Practice.

WebClientReactivePasswordTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.WebClientReactivePasswordTokenResponseClient

Deprecated.

WebClientReactiveRefreshTokenTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint

An implementation of a ReactiveOAuth2AccessTokenResponseClient for the refresh_token grant.

WebClientReactiveRefreshTokenTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.WebClientReactiveRefreshTokenTokenResponseClient

WebClientReactiveTokenExchangeTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint

The default implementation of an ReactiveOAuth2AccessTokenResponseClient for the token-exchange grant.

WebClientReactiveTokenExchangeTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.WebClientReactiveTokenExchangeTokenResponseClient

WebExpressionAuthorizationManager - Class in org.springframework.security.web.access.expression

An expression-based AuthorizationManager that determines the access by evaluating the provided expression.

WebExpressionAuthorizationManager(String) - Constructor for class org.springframework.security.web.access.expression.WebExpressionAuthorizationManager

Creates an instance.

WebExpressionVoter - Class in org.springframework.security.web.access.expression

Deprecated.

Use WebExpressionAuthorizationManager instead

WebExpressionVoter() - Constructor for class org.springframework.security.web.access.expression.WebExpressionVoter

Deprecated.

WebFilterChainProxy - Class in org.springframework.security.web.server

Used to delegate to a List of SecurityWebFilterChain instances.

WebFilterChainProxy(List<SecurityWebFilterChain>) - Constructor for class org.springframework.security.web.server.WebFilterChainProxy

WebFilterChainProxy(SecurityWebFilterChain...) - Constructor for class org.springframework.security.web.server.WebFilterChainProxy

WebFilterChainProxy.DefaultWebFilterChainDecorator - Class in org.springframework.security.web.server

A WebFilterChainProxy.WebFilterChainDecorator that uses the DefaultWebFilterChain

WebFilterChainProxy.WebFilterChainDecorator - Interface in org.springframework.security.web.server

A strategy for decorating the provided filter chain with one that accounts for the SecurityFilterChain for a given request.

WebFilterChainServerAuthenticationSuccessHandler - Class in org.springframework.security.web.server.authentication

Success handler that continues the filter chain after authentication success.

WebFilterChainServerAuthenticationSuccessHandler() - Constructor for class org.springframework.security.web.server.authentication.WebFilterChainServerAuthenticationSuccessHandler

WebFilterExchange - Class in org.springframework.security.web.server

A composite of the ServerWebExchange and the WebFilterChain.

WebFilterExchange(ServerWebExchange, WebFilterChain) - Constructor for class org.springframework.security.web.server.WebFilterExchange

WebInvocationPrivilegeEvaluator - Interface in org.springframework.security.web.access

Allows users to determine whether they have privileges for a given web URI.

WebJackson2Module - Class in org.springframework.security.web.jackson2

Jackson module for spring-security-web.

WebJackson2Module() - Constructor for class org.springframework.security.web.jackson2.WebJackson2Module

WebMvcSecurityConfiguration - Class in org.springframework.security.config.annotation.web.servlet.configuration

Deprecated.

This is applied internally using SpringWebMvcImportSelector

WebMvcSecurityConfiguration() - Constructor for class org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration

Deprecated.

WebSecurity - Class in org.springframework.security.config.annotation.web.builders

The WebSecurity is created by WebSecurityConfiguration to create the FilterChainProxy known as the Spring Security Filter Chain (springSecurityFilterChain).

WebSecurity(ObjectPostProcessor<Object>) - Constructor for class org.springframework.security.config.annotation.web.builders.WebSecurity

Creates a new instance

WebSecurity.IgnoredRequestConfigurer - Class in org.springframework.security.config.annotation.web.builders

Allows registering RequestMatcher instances that should be ignored by Spring Security.

WebSecurityConfiguration - Class in org.springframework.security.config.annotation.web.configuration

Uses a WebSecurity to create the FilterChainProxy that performs the web based security for Spring Security.

WebSecurityConfiguration() - Constructor for class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration

WebSecurityConfigurer<T extends SecurityBuilder<jakarta.servlet.Filter>> - Interface in org.springframework.security.config.annotation.web

Allows customization to the WebSecurity.

WebSecurityCustomizer - Interface in org.springframework.security.config.annotation.web.configuration

Callback interface for customizing WebSecurity.

webSecurityExpressionHandler() - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration

WebSecurityExpressionRoot - Class in org.springframework.security.web.access.expression

WebSecurityExpressionRoot(Supplier<Authentication>, HttpServletRequest) - Constructor for class org.springframework.security.web.access.expression.WebSecurityExpressionRoot

Creates an instance for the given Supplier of the Authentication and HttpServletRequest.

WebSecurityExpressionRoot(Authentication, FilterInvocation) - Constructor for class org.springframework.security.web.access.expression.WebSecurityExpressionRoot

WebServerJackson2Module - Class in org.springframework.security.web.server.jackson2

Jackson module for spring-security-web-flux.

WebServerJackson2Module() - Constructor for class org.springframework.security.web.server.jackson2.WebServerJackson2Module

WebServletJackson2Module - Class in org.springframework.security.web.jackson2

Jackson module for spring-security-web related to servlet.

WebServletJackson2Module() - Constructor for class org.springframework.security.web.jackson2.WebServletJackson2Module

WebSessionOAuth2ServerAuthorizationRequestRepository - Class in org.springframework.security.oauth2.client.web.server

An implementation of an ServerAuthorizationRequestRepository that stores OAuth2AuthorizationRequest in the WebSession.

WebSessionOAuth2ServerAuthorizationRequestRepository() - Constructor for class org.springframework.security.oauth2.client.web.server.WebSessionOAuth2ServerAuthorizationRequestRepository

WebSessionServerCsrfTokenRepository - Class in org.springframework.security.web.server.csrf

A ServerCsrfTokenRepository that stores the CsrfToken in the HttpSession.

WebSessionServerCsrfTokenRepository() - Constructor for class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository

WebSessionServerLogoutHandler - Class in org.springframework.security.web.server.authentication.logout

A ServerLogoutHandler which invalidates the active WebSession.

WebSessionServerLogoutHandler() - Constructor for class org.springframework.security.web.server.authentication.logout.WebSessionServerLogoutHandler

WebSessionServerOAuth2AuthorizedClientRepository - Class in org.springframework.security.oauth2.client.web.server

An implementation of an OAuth2AuthorizedClientRepository that stores OAuth2AuthorizedClient's in the HttpSession.

WebSessionServerOAuth2AuthorizedClientRepository() - Constructor for class org.springframework.security.oauth2.client.web.server.WebSessionServerOAuth2AuthorizedClientRepository

WebSessionServerRequestCache - Class in org.springframework.security.web.server.savedrequest

An implementation of ServerRequestCache that saves the ServerHttpRequest in the WebSession.

WebSessionServerRequestCache() - Constructor for class org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache

WebSessionServerSecurityContextRepository - Class in org.springframework.security.web.server.context

Stores the SecurityContext in the WebSession.

WebSessionServerSecurityContextRepository() - Constructor for class org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository

website(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder

Use this website in the resulting OidcUserInfo

WEBSITE - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames

website - the URL of the user's web page or blog

WEBSOCKET_MESSAGE_BROKER - Static variable in class org.springframework.security.config.Elements

WebSocketMessageBrokerSecurityBeanDefinitionParser - Class in org.springframework.security.config.websocket

Parses Spring Security's websocket namespace support.

WebSocketMessageBrokerSecurityBeanDefinitionParser() - Constructor for class org.springframework.security.config.websocket.WebSocketMessageBrokerSecurityBeanDefinitionParser

WebSpherePreAuthenticatedProcessingFilter - Class in org.springframework.security.web.authentication.preauth.websphere

This AbstractPreAuthenticatedProcessingFilter implementation is based on WebSphere authentication.

WebSpherePreAuthenticatedProcessingFilter() - Constructor for class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedProcessingFilter

Public constructor which overrides the default AuthenticationDetails class to be used.

WebSpherePreAuthenticatedWebAuthenticationDetailsSource - Class in org.springframework.security.web.authentication.preauth.websphere

This AuthenticationDetailsSource implementation will set the pre-authenticated granted authorities based on the WebSphere groups for the current WebSphere user, mapped using the configured Attributes2GrantedAuthoritiesMapper.

WebSpherePreAuthenticatedWebAuthenticationDetailsSource() - Constructor for class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedWebAuthenticationDetailsSource

WebSpherePreAuthenticatedWebAuthenticationDetailsSource(WASUsernameAndGroupsExtractor) - Constructor for class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedWebAuthenticationDetailsSource

WebTestUtils - Class in org.springframework.security.test.web.support

A utility class for testing spring security

WebXmlMappableAttributesRetriever - Class in org.springframework.security.web.authentication.preauth.j2ee

This MappableAttributesRetriever implementation reads the list of defined J2EE roles from a web.xml file and returns these from { WebXmlMappableAttributesRetriever.getMappableAttributes().

WebXmlMappableAttributesRetriever() - Constructor for class org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever

WellKnownChangePasswordBeanDefinitionParser - Class in org.springframework.security.config.http

The bean definition parser for a Well-Known URL for Changing Passwords.

WellKnownChangePasswordBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.WellKnownChangePasswordBeanDefinitionParser

WhiteListedAllowFromStrategy - Class in org.springframework.security.web.header.writers.frameoptions

Deprecated.

ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.

WhiteListedAllowFromStrategy(Collection<String>) - Constructor for class org.springframework.security.web.header.writers.frameoptions.WhiteListedAllowFromStrategy

Deprecated.

Creates a new instance

with(C, Customizer<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Applies a SecurityConfigurerAdapter to this SecurityBuilder and invokes SecurityConfigurerAdapter.setBuilder(SecurityBuilder).

with(String, String) - Static method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse

Returns a new OAuth2DeviceAuthorizationResponse.Builder, initialized with the provided device code and user code values.

with(OAuth2DeviceCode, OAuth2UserCode) - Static method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse

Returns a new OAuth2DeviceAuthorizationResponse.Builder, initialized with the provided device code and user code.

with(JwsAlgorithm) - Static method in class org.springframework.security.oauth2.jwt.JwsHeader

Returns a new JwsHeader.Builder, initialized with the provided JwsAlgorithm.

WithAnonymousUser - Annotation Interface in org.springframework.security.test.context.support

When used with WithSecurityContextTestExecutionListener this annotation can be added to a test method to emulate running with an anonymous user.

withAssertingPartyDetails(RelyingPartyRegistration.AssertingPartyDetails) - Static method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration

Deprecated, for removal: This API element is subject to removal in a future version.

Use RelyingPartyRegistration.withAssertingPartyMetadata(org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata) instead

withAssertingPartyEntityDescriptor(EntityDescriptor) - Static method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration

Deprecated.

Create a OpenSamlRelyingPartyRegistration.Builder from an entity descriptor

withAssertingPartyMetadata(AssertingPartyMetadata) - Static method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration

Creates a RelyingPartyRegistration RelyingPartyRegistration.Builder with a registrationId equivalent to the asserting party entity id.

withAuthentication(Consumer<Authentication>) - Method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.AuthenticatedMatcher

Allows for any validating the authentication with arbitrary assertions

withAuthentication(Authentication) - Static method in class org.springframework.security.core.context.ReactiveSecurityContextHolder

A shortcut for ReactiveSecurityContextHolder.withSecurityContext(Mono)

withAuthentication(Authentication) - Method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.AuthenticatedMatcher

Specifies the expected Authentication

withAuthenticationName(String) - Method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.AuthenticatedMatcher

Specifies the expected Principal.getName()

withAuthenticationPrincipal(Object) - Method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.AuthenticatedMatcher

Specifies the expected principal

withAuthorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.AuthenticatedMatcher

Specifies the Authentication.getAuthorities()

withAuthorizedClient(OAuth2AuthorizedClient) - Static method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext

Returns a new OAuth2AuthorizationContext.Builder initialized with the OAuth2AuthorizedClient.

withAuthorizedClient(OAuth2AuthorizedClient) - Static method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest

Returns a new OAuth2AuthorizeRequest.Builder initialized with the authorized client.

withClientRegistration(ClientRegistration) - Static method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext

Returns a new OAuth2AuthorizationContext.Builder initialized with the ClientRegistration.

withClientRegistration(ClientRegistration) - Static method in class org.springframework.security.oauth2.client.registration.ClientRegistration

Returns a new ClientRegistration.Builder, initialized with the provided ClientRegistration.

withClientRegistrationId(String) - Static method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest

Returns a new OAuth2AuthorizeRequest.Builder initialized with the identifier for the client registration.

withDefaultPasswordEncoder() - Static method in class org.springframework.security.core.userdetails.User

Deprecated.

Using this method is not considered safe for production, but is acceptable for demos and getting started. For production purposes, ensure the password is encoded externally. See the method Javadoc for additional details. There are no plans to remove this support. It is deprecated to indicate that this is considered insecure for production purposes.

withDefaultRolePrefix() - Static method in class org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl

Factory method that creates a RoleHierarchyImpl.Builder instance with the default role prefix "ROLE_"

withDefaults() - Static method in class org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory

Construct an AuthorizationAdvisorProxyFactory with the defaults needed for wrapping objects in Spring Security's pre-post method security support.

withDefaults() - Static method in interface org.springframework.security.config.Customizer

Returns a Customizer that does not alter the input argument.

withDefaults() - Static method in class org.springframework.security.config.observation.SecurityObservationSettings

Begin the configuration of a SecurityObservationSettings

withDefaults(Map<String, Converter<Object, ?>>) - Static method in class org.springframework.security.oauth2.jwt.MappedJwtClaimSetConverter

Construct a MappedJwtClaimSetConverter, overriding individual claim converters with the provided Map of Converters.

withDefaultSchema() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer

Populates the default schema that allows users and authorities to be stored.

withEntityDescriptor(EntityDescriptor) - Static method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails

Use this EntityDescriptor to begin building an RelyingPartyRegistration.AssertingPartyDetails

withErrors(Saml2Error...) - Static method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult

Construct a Saml2LogoutValidatorResult.Builder, starting with the given errors.

withHttpOnlyFalse() - Static method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository

Factory method to conveniently create an instance that creates cookies where Cookie.isHttpOnly() is set to false.

withHttpOnlyFalse() - Static method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository

Factory method to conveniently create an instance that has creates cookies with ResponseCookie.isHttpOnly() set to false.

withIssuerLocation(String) - Static method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder

Use the given Issuer by making an OpenID Provider Configuration Request and using the values in the OpenID Provider Configuration Response to derive the needed JWK Set uri.

withIssuerLocation(String) - Static method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder

Use the given Issuer by making an OpenID Provider Configuration Request and using the values in the OpenID Provider Configuration Response to derive the needed JWK Set uri.

withJwkSetUri(String) - Static method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder

Use the given JWK Set uri.

withJwkSetUri(String) - Static method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder

Use the given JWK Set uri to validate JWTs.

withJwkSource(Function<SignedJWT, Flux<JWK>>) - Static method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder

Use the given Function to validate JWTs

WithMockUser - Annotation Interface in org.springframework.security.test.context.support

When used with WithSecurityContextTestExecutionListener this annotation can be added to a test method to emulate running with a mocked user.

withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

Adds an ObjectPostProcessor for this class.

withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer

Adds an ObjectPostProcessor for this class.

withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer

withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry

Adds an ObjectPostProcessor for this class.

withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry

Adds an ObjectPostProcessor for this class.

withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry

Deprecated.

Adds an ObjectPostProcessor for this class.

withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry

Deprecated.

Adds an ObjectPostProcessor for this class.

withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer

Deprecated.

Adds an ObjectPostProcessor for this class.

withPins(Map<String, String>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig

Deprecated.

Sets the value for the pin- directive of the Public-Key-Pins header.

withPkce() - Static method in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestCustomizers

Returns a Consumer to be provided the OAuth2AuthorizationRequest.Builder that adds the code_challenge and, usually, code_challenge_method parameters to the OAuth 2.0 Authorization Request.

withPublicKey(RSAPublicKey) - Static method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder

Use the given public key to validate JWTs

withPublicKey(RSAPublicKey) - Static method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder

Use the given public key to validate JWTs

withReactiveDefaults() - Static method in class org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory

Construct an AuthorizationAdvisorProxyFactory with the defaults needed for wrapping objects in Spring Security's pre-post reactive method security support.

withRegistrationId(String) - Static method in class org.springframework.security.oauth2.client.registration.ClientRegistration

Returns a new ClientRegistration.Builder, initialized with the provided registration identifier.

withRegistrationId(String) - Static method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration

Creates a RelyingPartyRegistration RelyingPartyRegistration.Builder with a known registrationId

withRelyingPartyRegistration(RelyingPartyRegistration) - Static method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest

Create a Saml2LogoutRequest.Builder instance from this RelyingPartyRegistration Specifically, this will pull the SingleLogoutService location and binding from the RelyingPartyRegistration

withRelyingPartyRegistration(RelyingPartyRegistration) - Static method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse

Create a Saml2LogoutResponse.Builder instance from this RelyingPartyRegistration Specifically, this will pull the SingleLogoutService response location and binding from the RelyingPartyRegistration

withRelyingPartyRegistration(RelyingPartyRegistration) - Static method in class org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest

Constructs a Saml2PostAuthenticationRequest.Builder from a RelyingPartyRegistration object.

withRelyingPartyRegistration(RelyingPartyRegistration) - Static method in class org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest

Constructs a Saml2PostAuthenticationRequest.Builder from a RelyingPartyRegistration object.

withRelyingPartyRegistration(RelyingPartyRegistration) - Static method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration

Deprecated, for removal: This API element is subject to removal in a future version.

Use RelyingPartyRegistration.mutate() instead

withResponse(OAuth2AccessTokenResponse) - Static method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse

Returns a new OAuth2AccessTokenResponse.Builder, initialized with the provided response.

withRolePrefix(String) - Static method in class org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl

Factory method that creates a RoleHierarchyImpl.Builder instance with the specified role prefix.

withRoles(String...) - Method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.AuthenticatedMatcher

Specifies the Authentication.getAuthorities()

withSecretKey(SecretKey) - Static method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder

Use the given SecretKey to validate the MAC on a JSON Web Signature (JWS).

withSecretKey(SecretKey) - Static method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder

Use the given SecretKey to validate the MAC on a JSON Web Signature (JWS).

withSecurityContext(SecurityContext) - Method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.AuthenticatedMatcher

Specifies the expected SecurityContext

withSecurityContext(Mono<? extends SecurityContext>) - Static method in class org.springframework.security.core.context.ReactiveSecurityContextHolder

Creates a Reactor Context that contains the Mono<SecurityContext> that can be merged into another Context

WithSecurityContext - Annotation Interface in org.springframework.security.test.context.support

An annotation to determine what SecurityContext to use.

WithSecurityContextFactory<A extends Annotation> - Interface in org.springframework.security.test.context.support

An API that works with WithUserTestExcecutionListener for creating a SecurityContext that is populated in the TestSecurityContextHolder.

WithSecurityContextTestExecutionListener - Class in org.springframework.security.test.context.support

A TestExecutionListener that will find annotations that are annotated with WithSecurityContext on a test method or at the class level.

WithSecurityContextTestExecutionListener() - Constructor for class org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener

withSessionId(String) - Method in class org.springframework.security.core.session.ReactiveSessionInformation

withSessionId(String) - Method in class org.springframework.security.oauth2.client.oidc.session.OidcSessionInformation

Copy this OidcSessionInformation, using a new session identifier

withToken(String) - Static method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse

Returns a new OAuth2AccessTokenResponse.Builder, initialized with the provided access token value.

withTokenValue(String) - Static method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken

Create a OidcLogoutToken.Builder based on the given token value

withTokenValue(String) - Static method in class org.springframework.security.oauth2.core.oidc.OidcIdToken

Create a OidcIdToken.Builder based on the given token value

withTokenValue(String) - Static method in class org.springframework.security.oauth2.jwt.Jwt

Return a Jwt.Builder

withUser(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer

Allows adding a user to the UserDetailsManager that is being created.

withUser(User.UserBuilder) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer

Allows adding a user to the UserDetailsManager that is being created.

withUser(UserDetails) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer

Allows adding a user to the UserDetailsManager that is being created.

withUserDetails(UserDetails) - Static method in class org.springframework.security.core.userdetails.User

WithUserDetails - Annotation Interface in org.springframework.security.test.context.support

When used with WithSecurityContextTestExecutionListener this annotation can be added to a test method to emulate running with a UserDetails returned from the UserDetailsService.

withUsername(String) - Static method in class org.springframework.security.core.userdetails.User

Creates a UserBuilder with a specified username

withUsername(String) - Method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.AuthenticatedMatcher

Specifies the expected username

wrap(Runnable) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextScheduledExecutorService

wrap(Callable<T>) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextScheduledExecutorService

write - Variable in class org.springframework.security.access.expression.SecurityExpressionRoot

write(RelyingPartyRegistration.Builder, MediaType, HttpOutputMessage) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter

WRITE - Static variable in class org.springframework.security.acls.domain.BasePermission

writeHeaders(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.header.HeaderWriter

Create a Header instance.

writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.CacheControlHeadersWriter

writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter

writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.CompositeHeaderWriter

writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter

writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter

writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter

writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter

writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter

writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.FeaturePolicyHeaderWriter

writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter

Writes the X-Frame-Options header value, overwritting any previous value.

writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter

Deprecated.

writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.HstsHeaderWriter

writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.PermissionsPolicyHeaderWriter

writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter

writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.StaticHeadersWriter

writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter

writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter

writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter

writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.CompositeServerHttpHeadersWriter

writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter

writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter

writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter

writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter

writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter

writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.FeaturePolicyServerHttpHeadersWriter

writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.PermissionsPolicyServerHttpHeadersWriter

writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter

writeHttpHeaders(ServerWebExchange) - Method in interface org.springframework.security.web.server.header.ServerHttpHeadersWriter

Write the headers to the response.

writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.ServerWebExchangeDelegatingServerHttpHeadersWriter

writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter

writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter

writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.XContentTypeOptionsServerHttpHeadersWriter

writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter

writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter

writeInternal(OAuth2AccessTokenResponse, HttpOutputMessage) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter

writeInternal(OAuth2DeviceAuthorizationResponse, HttpOutputMessage) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2DeviceAuthorizationResponseHttpMessageConverter

writeInternal(OAuth2Error, HttpOutputMessage) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter

writeMessage(String) - Method in class org.springframework.security.taglibs.authz.AuthenticationTag

writer(ServerHttpHeadersWriter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures custom headers writer

X

X_CONTENT_OPTIONS - Static variable in class org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter

X_CONTENT_OPTIONS - Static variable in class org.springframework.security.web.server.header.XContentTypeOptionsServerHttpHeadersWriter

X_FRAME_OPTIONS - Static variable in class org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter

X_XSS_PROTECTION - Static variable in class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter

x509() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HttpSecurity.x509(Customizer) or x509(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

x509() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.x509(Customizer) or x509(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

x509() - Static method in class org.springframework.security.converter.RsaKeyConverters

Construct a Converter for converting a PEM-encoded X.509 RSA Public Key or X.509 Certificate into a RSAPublicKey.

x509(String) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors

Finds an X509Cetificate using a resoureName and populates it on the request.

x509(X509Certificate...) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors

Populates the provided X509Certificate instances on the request.

x509(Customizer<X509Configurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configures X509 based pre authentication.

x509(Customizer<ServerHttpSecurity.X509Spec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures x509 authentication using a certificate provided by a client.

X509 - Static variable in class org.springframework.security.config.Elements

x509AuthenticationFilter(X509AuthenticationFilter) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer

Allows specifying the entire X509AuthenticationFilter.

X509AuthenticationFilter - Class in org.springframework.security.web.authentication.preauth.x509

X509AuthenticationFilter() - Constructor for class org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter

x509CertificateChain(List<String>) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder

Sets the X.509 certificate chain that contains the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign the JWS or encrypt the JWE.

X509Configurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Adds X509 based pre authentication to an application.

X509Configurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.X509Configurer

Creates a new instance

x509PrincipalExtractor(X509PrincipalExtractor) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer

Specifies the X509PrincipalExtractor

X509PrincipalExtractor - Interface in org.springframework.security.web.authentication.preauth.x509

Obtains the principal from an X509Certificate for use within the framework.

x509SHA1Thumbprint(String) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder

Sets the X.509 certificate SHA-1 thumbprint that is a base64url-encoded SHA-1 thumbprint (a.k.a.

x509SHA256Thumbprint(String) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder

Sets the X.509 certificate SHA-256 thumbprint that is a base64url-encoded SHA-256 thumbprint (a.k.a.

x509Url(String) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder

Sets the X.509 URL that refers to the resource for the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign the JWS or encrypt the JWE.

X5C - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames

x5c - the X.509 certificate chain header contains the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign a JWS or encrypt a JWE

X5T - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames

x5t - the X.509 certificate SHA-1 thumbprint header is a base64url-encoded SHA-1 thumbprint (a.k.a.

X5T_S256 - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames

x5t#S256 - the X.509 certificate SHA-256 thumbprint header is a base64url-encoded SHA-256 thumbprint (a.k.a.

X5U - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames

x5u - the X.509 URL header is a URI that refers to a resource for the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign a JWS or encrypt a JWE

XContentTypeOptionsHeaderWriter - Class in org.springframework.security.web.header.writers

A StaticHeadersWriter that inserts headers to prevent content sniffing.

XContentTypeOptionsHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.XContentTypeOptionsHeaderWriter

Creates a new instance

XContentTypeOptionsServerHttpHeadersWriter - Class in org.springframework.security.web.server.header

Adds X-Content-Type-Options: nosniff

XContentTypeOptionsServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.XContentTypeOptionsServerHttpHeadersWriter

XFRAME_OPTIONS_HEADER - Static variable in class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter

XFrameOptionsHeaderWriter - Class in org.springframework.security.web.header.writers.frameoptions

HeaderWriter implementation for the X-Frame-Options headers.

XFrameOptionsHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter

Creates an instance with XFrameOptionsHeaderWriter.XFrameOptionsMode.DENY

XFrameOptionsHeaderWriter(AllowFromStrategy) - Constructor for class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter

Deprecated.

ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.

XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode) - Constructor for class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter

Creates a new instance

XFrameOptionsHeaderWriter.XFrameOptionsMode - Enum Class in org.springframework.security.web.header.writers.frameoptions

The possible values for the X-Frame-Options header.

XFrameOptionsServerHttpHeadersWriter - Class in org.springframework.security.web.server.header

ServerHttpHeadersWriter implementation for the X-Frame-Options headers.

XFrameOptionsServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter

XFrameOptionsServerHttpHeadersWriter.Mode - Enum Class in org.springframework.security.web.server.header

The X-Frame-Options values.

XorCsrfChannelInterceptor - Class in org.springframework.security.messaging.web.csrf

ChannelInterceptor that validates a CSRF token masked by the XorCsrfTokenRequestAttributeHandler in the header of any SimpMessageType.CONNECT message.

XorCsrfChannelInterceptor() - Constructor for class org.springframework.security.messaging.web.csrf.XorCsrfChannelInterceptor

XorCsrfTokenRequestAttributeHandler - Class in org.springframework.security.web.csrf

An implementation of the CsrfTokenRequestHandler interface that is capable of masking the value of the CsrfToken on each request and resolving the raw token value from the masked value as either a header or parameter value of the request.

XorCsrfTokenRequestAttributeHandler() - Constructor for class org.springframework.security.web.csrf.XorCsrfTokenRequestAttributeHandler

XorServerCsrfTokenRequestAttributeHandler - Class in org.springframework.security.web.server.csrf

An implementation of the ServerCsrfTokenRequestAttributeHandler and ServerCsrfTokenRequestResolver interfaces that is capable of masking the value of the CsrfToken on each request and resolving the raw token value from the masked value as either a form data value or header of the request.

XorServerCsrfTokenRequestAttributeHandler() - Constructor for class org.springframework.security.web.server.csrf.XorServerCsrfTokenRequestAttributeHandler

xssProtection() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use HeadersConfigurer.xssProtection(Customizer) or xssProtection(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

xssProtection() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Deprecated, for removal: This API element is subject to removal in a future version.

For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.xssProtection(Customizer) or xssProtection(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

xssProtection(Customizer<HeadersConfigurer.XXssConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Note this is not comprehensive XSS protection!

xssProtection(Customizer<ServerHttpSecurity.HeaderSpec.XssProtectionSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures x-xss-protection response header.

XXssProtectionHeaderWriter - Class in org.springframework.security.web.header.writers

Renders the X-XSS-Protection header.

XXssProtectionHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter

Create a new instance

XXssProtectionHeaderWriter.HeaderValue - Enum Class in org.springframework.security.web.header.writers

The value of the x-xss-protection header.

XXssProtectionServerHttpHeadersWriter - Class in org.springframework.security.web.server.header

Add the x-xss-protection header.

XXssProtectionServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter

Creates a new instance

XXssProtectionServerHttpHeadersWriter.HeaderValue - Enum Class in org.springframework.security.web.server.header

The value of the x-xss-protection header.

Z

zoneinfo(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder

Use this zoneinfo in the resulting OidcUserInfo

ZONEINFO - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames

zoneinfo - the user's time zone

_

_this() - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest.Builder

Casting the return as the generic subtype, when returning itself

$ A B C D E F G H I J K L M N O P Q R S T U V W X Z _
All Classes and Interfaces|All Packages|Constant Field Values|Serialized Form