spring-security-docs 6.4.1 API

Packages
Package
Description
Core access-control related code, including security metadata related classes, interception code, access control annotations, EL support and voter-based implementations of the central AccessDecisionManager interface.
Support for JSR-250 and Spring Security @Secured annotations.
Authorization event and listener classes.
Expression handling code to support the use of Spring-EL based expressions in @PreAuthorize, @PreFilter, @PostAuthorize and @PostFilter annotations.
Implementation of expression-based method security.
Role hierarchy implementation.
Abstract level security interception classes which are responsible for enforcing the configured security constraints for a secure object.
Enforces security for AOP Alliance MethodInvocations, such as via Spring AOP.
Enforces security for AspectJ JointPoints, delegating secure object callbacks to the calling aspect.
Provides SecurityMetadataSource implementations for securing Java method invocations via different AOP libraries.
Contains the infrastructure classes for handling the @PreAuthorize, @PreFilter, @PostAuthorize and @PostFilter annotations.
Implements a vote-based approach to authorization decisions.
The Spring Security ACL package which implements instance-based security for domain objects.
After-invocation providers for collection and array filtering.
Basic implementation of access control lists (ACLs) interfaces.
JDBC-based persistence of ACL information
Interfaces and shared classes to manage access control lists (ACLs) for domain object instances.
 
Core classes and interfaces related to user authentication, which are used throughout Spring Security.
An AuthenticationProvider which relies upon a data access object.
Authentication success and failure events which can be published to the Spring application context.
An authentication provider for JAAS.
JAAS authentication events which can be published to the Spring application context by the JAAS authentication provider.
An in memory JAAS implementation.
 
 
 
 
 
 
Spring Security support for Apereo's Central Authentication Service (CAS).
An AuthenticationProvider that can process CAS service tickets and proxy tickets.
 
 
Authenticates standard web browser users via CAS.
Authentication processing mechanisms which respond to the submission of authentication credentials using CAS.
 
Support classes for the Spring Security namespace.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Parsing of <authentication-manager> and related elements.
 
 
 
 
Parsing of the <http> namespace element.
Security namespace support for LDAP authentication.
Support for parsing of the <global-method-security> and <intercept-methods> elements.
 
 
 
 
 
 
 
 
Core classes and interfaces related to user authentication and authorization, as well as the maintenance of a security context.
 
The default implementation of the GrantedAuthority interface.
Strategies for mapping a list of attributes (such as roles or LDAP groups) to a list of GrantedAuthoritys.
Classes related to the establishment of a security context for the duration of a request (such as an HTTP or RMI invocation).
 
Session abstraction which is provided by the org.springframework.security.core.session.SessionInformation SessionInformation class.
A service for building secure random tokens.
The standard interfaces for implementing user data DAOs.
Implementations of UserCache.
Exposes a JDBC-based authentication repository, implementing org.springframework.security.core.userdetails.UserDetailsService UserDetailsService.
Exposes an in-memory authentication repository.
 
 
Internal codec classes.
 
 
 
 
 
 
 
 
Mix-in classes to add Jackson serialization support.
Spring Security's LDAP module.
The LDAP authentication provider package.
 
 
Implementation of password policy functionality based on the Password Policy for LDAP Directories.
LdapUserSearch implementations.
Embedded Apache Directory Server implementation, as used by the configuration namespace.
LDAP-focused UserDetails implementations which map from a ubset of the data contained in some of the standard LDAP types (such as InetOrgPerson).
 
 
 
 
 
 
 
Core classes and interfaces providing support for OAuth 2.0 Client.
 
Support classes and interfaces for authenticating and authorizing a client with an OAuth 2.0 Authorization Server using a specific authorization grant flow.
Classes and interfaces providing support to the client for initiating requests to the Authorization Server's Protocol Endpoints.
 
 
Support classes and interfaces for authenticating and authorizing a client with an OpenID Connect 1.0 Provider using a specific authorization grant flow.
 
 
 
Classes and interfaces providing support to the client for initiating requests to the OpenID Connect 1.0 Provider's UserInfo Endpoint.
 
 
Classes and interfaces that provide support for ClientRegistration.
Classes and interfaces providing support to the client for initiating requests to the OAuth 2.0 Authorization Server's UserInfo Endpoint.
OAuth 2.0 Client Filter's and supporting classes and interfaces.
 
 
 
 
 
 
Core classes and interfaces providing support for the OAuth 2.0 Authorization Framework.
 
 
Support classes that model the OAuth 2.0 Request and Response messages from the Authorization Endpoint and Token Endpoint.
 
Core classes and interfaces providing support for OpenID Connect Core 1.0.
Support classes that model the OpenID Connect Core 1.0 Request and Response messages from the Authorization Endpoint and Token Endpoint.
Provides a model for an OpenID Connect Core 1.0 representation of a user Principal.
Provides a model for an OAuth 2.0 representation of a user Principal.
 
 
Core classes and interfaces providing support for JSON Web Signature (JWS).
Core classes and interfaces providing support for JSON Web Token (JWT).
OAuth 2.0 Resource Server core classes and interfaces providing support.
OAuth 2.0 Resource Server Authentications and supporting classes and interfaces.
OAuth 2.0 Introspection supporting classes and interfaces.
OAuth 2.0 Resource Server Filter's and supporting classes and interfaces.
OAuth 2.0 Resource Server access denial classes and interfaces.
 
 
 
 
 
Contains simple user and authority group account provisioning interfaces together with a a JDBC-based implementation.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Security related tag libraries that can be used in JSPs and templates.
JSP Security tag library implementation.
 
 
 
 
 
 
 
 
 
 
General utility classes used throughout the Spring Security framework.
Spring Security's web security module.
Access-control related classes and packages.
Classes that ensure web requests are received over required transport channels.
Implementation of web security expressions.
Enforcement of security for HTTP requests, typically by the URL requested.
Authentication processing mechanisms, which respond to the submission of authentication credentials using various protocols (eg BASIC, CAS, form login etc).
Logout functionality based around a filter which handles a specific logout URL.
 
 
Support for "pre-authenticated" scenarios, where Spring Security assumes the incoming request has already been authenticated by some externally configured system.
Pre-authentication support for container-authenticated requests.
Websphere-specific pre-authentication classes.
X.509 client certificate authentication support.
Support for remembering a user between different web sessions.
Strategy interface and implementations for handling session-related behaviour for a newly authenticated user.
Provides HTTP-based "switch user" (su) capabilities.
Authentication user-interface rendering code.
WWW-Authenticate based authentication mechanism implementations: Basic and Digest authentication.
 
 
Classes which are responsible for maintaining the security context between HTTP requests.
 
 
 
 
 
 
 
 
 
Makes a JAAS Subject available as the current Subject.
Mix-in classes to provide Jackson serialization support.
 
 
 
Classes related to the caching of an HttpServletRequest which requires authentication.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Populates a Servlet request with a new Spring Security compliant HttpServletRequestWrapper.
Session management filters, HttpSession events and publisher classes.
Web utility classes.