spring-security-docs 7.0.0-SNAPSHOT API
Packages
Package
Description
Core access-control related code, including security metadata related classes,
interception code, access control annotations, EL support and voter-based
implementations of the central
AccessDecisionManager
interface.Support for JSR-250 and Spring Security
@Secured annotations.Authorization event and listener classes.
Expression handling code to support the use of Spring-EL based expressions in
@PreAuthorize, @PreFilter, @PostAuthorize and
@PostFilter annotations.Implementation of expression-based method security.
Role hierarchy implementation.
Abstract level security interception classes which are responsible for enforcing the
configured security constraints for a secure object.
Enforces security for AOP Alliance
MethodInvocations, such as via Spring
AOP.Enforces security for AspectJ
JointPoints, delegating secure object
callbacks to the calling aspect.Provides
SecurityMetadataSource implementations for securing Java method
invocations via different AOP libraries.Contains the infrastructure classes for handling the
@PreAuthorize,
@PreFilter, @PostAuthorize and @PostFilter annotations.Implements a vote-based approach to authorization decisions.
The Spring Security ACL package which implements instance-based security for domain
objects.
After-invocation providers for collection and array filtering.
Basic implementation of access control lists (ACLs) interfaces.
JDBC-based persistence of ACL information
Interfaces and shared classes to manage access control lists (ACLs) for domain object
instances.
Core classes and interfaces related to user authentication, which are used throughout
Spring Security.
An
AuthenticationProvider which relies upon a data access object.Authentication success and failure events which can be published to the Spring
application context.
An authentication provider for JAAS.
JAAS authentication events which can be published to the Spring application context by
the JAAS authentication provider.
An in memory JAAS implementation.
Spring Security support for Apereo's Central Authentication Service
(CAS).
An
AuthenticationProvider that can process CAS service tickets and proxy
tickets.Jackson support for CAS.
UserDetails abstractions for CAS.Authenticates standard web browser users via CAS.
Authentication processing mechanisms which respond to the submission of authentication
credentials using CAS.
Support classes for the Spring Security namespace.
Parsing of <authentication-manager> and related elements.
Parsing of the <http> namespace element.
Security namespace support for LDAP authentication.
Support for parsing of the <global-method-security> and <intercept-methods>
elements.
Core classes and interfaces related to user authentication and authorization, as well
as the maintenance of a security context.
The default implementation of the
GrantedAuthority interface.Strategies for mapping a list of attributes (such as roles or LDAP groups) to a list of
GrantedAuthoritys.Classes related to the establishment of a security context for the duration of a
request (such as an HTTP or RMI invocation).
Session abstraction which is provided by the
org.springframework.security.core.session.SessionInformation
SessionInformation class.A service for building secure random tokens.
The standard interfaces for implementing user data DAOs.
Implementations of
UserCache.Exposes a JDBC-based authentication repository, implementing
org.springframework.security.core.userdetails.UserDetailsService UserDetailsService.Exposes an in-memory authentication repository.
Internal codec classes.
AOT integration for Spring Security's Data integration.
Spring Security extensions for Spring Data queries.
Mix-in classes to add Jackson serialization support.
Spring Security's LDAP module.
The LDAP authentication provider package.
Implementation of password policy functionality based on the
Password Policy for LDAP Directories.
LdapUserSearch implementations.Embedded UnboundID Server implementation, as used by the configuration namespace.
LDAP-focused
UserDetails implementations which map from a ubset of the data
contained in some of the standard LDAP types (such as InetOrgPerson).Security expression support for
Message.Authorization support for
Message.Support for establishing the
SecurityContext within messaging.Reactive support for resolving security related arguments.
Support for matching messages.
Support CSRF protection in messages.
Reactive Security CSRF protection.
Core classes and interfaces providing support for OAuth 2.0 Client.
Support classes and interfaces for authenticating and authorizing a client with an
OAuth 2.0 Authorization Server using a specific authorization grant flow.
Classes and interfaces providing support to the client for initiating requests to the
Authorization Server's Protocol Endpoints.
Support classes and interfaces for authenticating and authorizing a client with an
OpenID Connect 1.0 Provider using a specific authorization grant flow.
Classes and interfaces providing support to the client for initiating requests to the
OpenID Connect 1.0 Provider's UserInfo Endpoint.
Classes and interfaces that provide support for
ClientRegistration.Classes and interfaces providing support to the client for initiating requests to the
OAuth 2.0 Authorization Server's UserInfo Endpoint.
OAuth 2.0 Client
Filter's and supporting classes and interfaces.Core classes and interfaces providing support for the OAuth 2.0 Authorization
Framework.
Support classes that model the OAuth 2.0 Request and Response messages from the
Authorization Endpoint and Token Endpoint.
Core classes and interfaces providing support for OpenID Connect Core 1.0.
Support classes that model the OpenID Connect Core 1.0 Request and Response messages
from the Authorization Endpoint and Token Endpoint.
Provides a model for an OpenID Connect Core 1.0 representation of a user
Principal.Provides a model for an OAuth 2.0 representation of a user
Principal.Core classes and interfaces providing support for JSON Web Signature (JWS).
Core classes and interfaces providing support for JSON Web Token (JWT).
OAuth 2.0 Resource Server core classes and interfaces providing support.
OAuth 2.0 Resource Server
Authentications and supporting classes and
interfaces.OAuth 2.0 Introspection supporting classes and interfaces.
OAuth 2.0 Resource Server
Filter's and supporting classes and interfaces.OAuth 2.0 Resource Server access denial classes and interfaces.
Contains simple user and authority group account provisioning interfaces together with
a a JDBC-based implementation.
Spring Security RSocket APIs.
Spring Security RSocket Authentication integration.
Spring Security RSocket authorization integration.
Spring Security RSocket core integration.
Spring Security RSocket metadata integration.
Spring Security RSocket matching APIs.
Security related tag libraries that can be used in JSPs and templates.
JSP Security tag library implementation.
JSP Security tag library integration with CSRF protection.
Spring Security support managing the
SecurityContext.Support for Framework's Test annotations.
Spring Security support classes for the Spring TestContext Framework.
Spring Security upport for testing Spring WebFlux server endpoints via WebTestClient.
Spring Security built-in org.springframework.test.web.servlet.RequestBuilder
implementations.
Spring Security server-side support for testing Spring MVC applications.
Spring Security built-in MockMvcBuilder implementations.
Spring Security supporting the org.springframework.web.context package, such as
WebApplicationContext implementations and various utility classes.
General utility classes used throughout the Spring Security framework.
Spring Security's web security module.
Access-control related classes and packages.
Classes that ensure web requests are received over required transport channels.
Implementation of web security expressions.
Enforcement of security for HTTP requests, typically by the URL requested.
Authentication processing mechanisms, which respond to the submission of authentication
credentials using various protocols (eg BASIC, CAS, form login etc).
Logout functionality based around a filter which handles a specific logout URL.
Package for One Time Token usage.
Classes for Password APIs.
Support for "pre-authenticated" scenarios, where Spring Security assumes the incoming
request has already been authenticated by some externally configured system.
Pre-authentication support for container-authenticated requests.
Websphere-specific pre-authentication classes.
X.509 client certificate authentication support.
Support for remembering a user between different web sessions.
Strategy interface and implementations for handling session-related behaviour for a
newly authenticated user.
Provides HTTP-based "switch user" (su) capabilities.
Authentication user-interface rendering code.
WWW-Authenticate based authentication mechanism implementations: Basic and Digest
authentication.
Annotations for binding web security APIs.
Support for binding web security APIs.
Classes which are responsible for maintaining the security context between HTTP
requests.
Async request context APIs.
Async support for request context.
APIs for protection against CSRF attacks.
APIs for debugging web security.
APIs for web security firewall support.
APIs for writing security HTTP Headers.
APIs for writing security HTTP Headers.
APIs for writing security HTTP Headers related to frame options.
HTTP based security APIs.
Makes a JAAS Subject available as the current Subject.
Mix-in classes to provide Jackson serialization support.
Support for Spring Framework's handler method processing.
Support for Spring Framework's reactive handler method processing.
Support for Spring Framework's reactive view processing.
Classes related to the caching of an
HttpServletRequest which requires
authentication.WebFlux Spring Security support.
Reactive web Authorization APIs.
Reactive logout APIs.
Reactive OTT APIs.
Reactive web OTT APIs.
Reactive web context APIs.
Reactive APIs for protecting against CSRF attacks.
Reactive HTTP Firewall APIs.
Reactive APIs for adding HTTP Header based security.
Reactive web jackson2 integration.
Reactive support for saving requests (to replay them after interrupted by security
workflows like authentication).
WebFlux based transport security.
Support for rendering UIs (e.g.
Reactive APIs for matching requests which are used for, among other things, mapping
authorization rules.
CSRF support classes for Spring's web MVC framework.
Integration with Spring Framework's support for matching HTTP request paths.
Populates a Servlet request with a new Spring Security compliant
HttpServletRequestWrapper.Session management filters,
HttpSession events and publisher classes.Spring Security HTTP transport support.
Web utility classes.
Servlet APIs for matching requests which are used for, among other things, mapping
authorization rules.
WebAuthn APIs.
WebAuthn Authentication support.
WebAuthn Jackson Support.
Management of the WebAuthn APIs.
WebAuthn Registration support.