All Classes and Interfaces
Class
Description
Deprecated.
Deprecated.
please use
AclPermissionEvaluator instead.Deprecated.
Now used by only-deprecated classes.
Represents an application authentication event.
Abstract application event which indicates authentication failure for some reason.
AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,T extends AbstractAuthenticationFilterConfigurer<B,T,F>,F extends AbstractAuthenticationProcessingFilter>
Base class for configuring
AbstractAuthenticationFilterConfigurer.Abstract processor of browser-based HTTP-based authentication requests.
Base class containing the logic used by strategies which handle redirection to a URL
and are passed an
Authentication object as part of the contract.Base class for
Authentication objects.AbstractAuthenticationToken.AbstractAuthenticationBuilder<B extends AbstractAuthenticationToken.AbstractAuthenticationBuilder<B>>
A common abstract implementation of
Authentication.Builder.Deprecated.
Authorization events have moved.
A base class for an <authorize> tag that is independent of the tag rendering
technology (JSP, Facelets).
Abstract class for using the provided CAS assertion to construct a new User object.
Deprecated.
In modern Spring Security APIs, each API manages its own configuration
context.
A base
SecurityBuilder that allows SecurityConfigurer to be applied to
it.AbstractDaoAuthenticationConfigurer<B extends ProviderManagerBuilder<B>,C extends AbstractDaoAuthenticationConfigurer<B,C,U>,U extends UserDetailsService>
Allows configuring a
DaoAuthenticationProviderDeprecated.
Use the
use-authorization-manager attribute for
<method-security> and <intercept-methods> instead or use
annotation-based or AuthorizationManager-based authorizationAdds a convenient base class for
SecurityConfigurer instances that operate on
HttpSecurity.An
AuthenticationProvider implementation that retrieves user details from a
JAAS login configuration.Creates an
AuthenticationManager that can perform LDAP authentication.Base class for the standard
LdapAuthenticationProvider and the
ActiveDirectoryLdapAuthenticationProvider.Base class for the authenticator implementations.
Abstract
MessageMatcher containing multiple MessageMatcherDeprecated.
Use the
use-authorization-manager attribute for
<method-security> and <intercept-methods> instead or use
annotation-based or AuthorizationManager-based authorizationBase implementation of an OAuth 2.0 Authorization Grant request that holds an
authorization grant credential and is used when initiating a request to the
Authorization Server's Token Endpoint.
A base representation of OAuth 2.0 Authorization Server metadata, returned by an
endpoint defined in OAuth 2.0 Authorization Server Metadata and OpenID Connect
Discovery 1.0.
AbstractOAuth2AuthorizationServerMetadata.AbstractBuilder<T extends AbstractOAuth2AuthorizationServerMetadata,B extends AbstractOAuth2AuthorizationServerMetadata.AbstractBuilder<T,B>>
A builder for subclasses of
AbstractOAuth2AuthorizationServerMetadata.A base representation of an OAuth 2.0 Client Registration Request and Response, which
is sent to and returned from the Client Registration Endpoint, and contains a set of
claims about the Client's Registration information.
AbstractOAuth2ClientRegistration.AbstractBuilder<T extends AbstractOAuth2ClientRegistration,B extends AbstractOAuth2ClientRegistration.AbstractBuilder<T,B>>
A builder for subclasses of
AbstractOAuth2ClientRegistration.Base class for OAuth 2.0 Token implementations.
Base class for
AbstractAuthenticationToken implementations that expose common
attributes between different OAuth 2.0 Access Token Formats.AbstractOAuth2TokenAuthenticationToken.AbstractOAuth2TokenAuthenticationBuilder<T extends OAuth2Token,B extends AbstractOAuth2TokenAuthenticationToken.AbstractOAuth2TokenAuthenticationBuilder<T,B>>
A builder for
AbstractOAuth2TokenAuthenticationToken implementationsAbstract base class for password encoders
Provides an abstract superclass for
Permission implementations.Base class for processing filters that handle pre-authenticated authentication
requests, where it is assumed that the principal has already been authenticated by an
external system.
Base class for RememberMeServices implementations.
A base class for registering
RequestMatcher's.Deprecated.
ALLOW-FROM is an obsolete directive that no longer works in modern
browsers.
AbstractRestClientOAuth2AccessTokenResponseClient<T extends AbstractOAuth2AuthorizationGrantRequest>
Abstract base class for
RestClient-based implementations of
OAuth2AccessTokenResponseClient that communicate to the Authorization Server's
Token Endpoint.Deprecated.
please use
HttpsRedirectFilter and its
associated PortMapperData holder for
AuthNRequest parameters to be sent using either the
Saml2MessageBinding.POST or Saml2MessageBinding.REDIRECT binding.A builder for
AbstractSaml2AuthenticationRequest and its subclasses.A base
SecurityBuilder that ensures the object being built is only built one
time.Base implementation of the facade which isolates Spring Security's requirements for
evaluating security expressions from the implementation of the underlying expression
objects.
Deprecated.
Use
AuthorizationFilter instead
for filter security,
AuthorizationChannelInterceptor
for messaging security, or
AuthorizationManagerBeforeMethodInterceptor
and
AuthorizationManagerAfterMethodInterceptor
for method security.Registers the
DelegatingFilterProxy to use the springSecurityFilterChain before
any other registered Filter.Abstract superclass for all session related events.
A base class for performing session fixation protection.
Base implementation for configuration settings.
AbstractSettings.AbstractBuilder<T extends AbstractSettings,B extends AbstractSettings.AbstractBuilder<T,B>>
A builder for subclasses of
AbstractSettings.A base
AuthenticationProvider that allows subclasses to override and work with
UserDetails objects.A base
ReactiveAuthenticationManager that allows subclasses to override and
work with UserDetails objects.AbstractWebClientReactiveOAuth2AccessTokenResponseClient<T extends AbstractOAuth2AuthorizationGrantRequest>
Abstract base class for all of the
WebClientReactive*TokenResponseClients that
communicate to the Authorization Server's Token Endpoint.Represents an individual permission assignment within an
Acl.An immutable default implementation of
AccessControlEntry.An implementation of
Tag that allows its body through if all authorizations are
granted to the request's principal.Deprecated.
Use
AuthorizationManager insteadDeprecated.
Use
AuthorizationManager insteadThrown if an
Authentication
object does not hold a required authority.Used by
ExceptionTranslationFilter to handle an
AccessDeniedException.Base implementation of
AccessDeniedHandler.Thrown if an authentication request is rejected because the account has expired.
Base class for authentication exceptions which are caused by a particular user account
status (locked, disabled etc).
Represents an access control list (ACL) for a domain object.
Strategy used by
AclImpl to determine whether a principal is permitted to call
adminstrative methods on the AclImpl.Default implementation of
AclAuthorizationStrategy.A caching layer for
JdbcAclService.Abstract base class for Acl data operations.
Deprecated.
please use
AclPermissionEvaluator instead.Deprecated.
please use
AclPermissionEvaluator instead.Deprecated.
please use
AclPermissionEvaluator instead.Utility methods for displaying ACL information.
Base implementation of
Acl.Batch loads ACLs for collections of objects to allow optimised filtering.
Used by Spring Security's expression-based access control implementation to evaluate
permissions for a particular object using the ACL module.
Provides retrieval of
Acl instances.
Thrown as a translation of an
AuthenticationException when
attempting to authenticate against Active Directory using
ActiveDirectoryLdapAuthenticationProvider.Specialized LDAP authentication provider which uses Active Directory configuration
conventions.
The Address Claim represents a physical mailing address defined by the OpenID Connect
Core 1.0 specification that can be returned either in the UserInfo Response or the ID
Token.
Encryptor that uses AES encryption.
Deprecated.
Use
AuthorizationManager insteadDeprecated.
Use delegation with
AuthorizationManagerDeprecated.
Use delegation with
AuthorizationManagerDeprecated.
Use delegation with
AuthorizationManagerAn
AuthorizationManager that determines if the current user is authorized by
evaluating if the Authentication contains all the specified authorities.A
ReactiveAuthorizationManager that determines if the current user is
authorized by evaluating if the Authentication contains all the specified
authorities.Deprecated.
ALLOW-FROM is an obsolete directive that no longer works in modern
browsers.
An
AuthorizationManager that determines if the current user is authorized by
evaluating if the Authentication contains a FactorGrantedAuthority that
is not expired for each RequiredFactor.A builder for
AllRequiredFactorsAuthorizationManager.Thrown when
SecurityBuilder.build() is two or more times.Thrown if an
Acl entry already exists for the object.MessageMatcher that will return true if all of the passed in
MessageMatcher instances match.RequestMatcher that will return true if all of the passed in
RequestMatcher instances match.Matches if all the provided
ServerWebExchangeMatcher matchDeprecated.
Used only by now-deprecated classes.
Allows finding parameter names using the value attribute of any number of
Annotation instances.A component for configuring the expression attribute template of the parsed Spring
Security annotation
Detects if there is no
Authentication object in the
SecurityContextHolder, and populates it with one if needed.An
AuthenticationProvider implementation that validates
AnonymousAuthenticationTokens.Represents an anonymous
Authentication.Detects if there is no
Authentication object in the
ReactiveSecurityContextHolder, and populates it with one if needed.Configures Anonymous authentication (i.e.
If
ReactiveSecurityContextHolder is empty populates an
AnonymousAuthenticationTokenMatches any supplied request.
Implementation of
PasswordEncoder
that uses the Password4j library with Argon2 hashing algorithm.
Implementation of PasswordEncoder that uses the Argon2 hashing function.
Deprecated.
This class will be removed from the public API.
Deprecated.
This class will be removed from the public API.
An interface representing SAML 2.0 Asserting Party metadata
A repository for retrieving SAML 2.0 Asserting Party Metadata
WebAuthn Relying
Parties may use AttestationConveyancePreference
to specify their preference regarding attestation conveyance during credential
generation.
Interface to be implemented by classes that can map a list of security attributes (such
as roles or group names) to a collection of Spring Security
GrantedAuthoritys.Represents an ACE that provides auditing information.
A mutable ACL that provides audit capabilities.
Used by
AclImpl to log audit events.An
AuthorizationManager that determines if the current user is authenticated.Representation of an authenticated
Principal once an
Authentication request has been successfully authenticated by the
AuthenticationManager.authenticate(Authentication) method.An implementation of an
OAuth2AuthorizedClientRepository that delegates to the
provided OAuth2AuthorizedClientService if the current Principal is
authenticated, otherwise, to the default (or provided)
OAuth2AuthorizedClientRepository if the current request is unauthenticated (or
anonymous).An implementation of an
ServerOAuth2AuthorizedClientRepository that delegates
to the provided ServerOAuth2AuthorizedClientRepository if the current
Principal is authenticated, otherwise, to the default (or provided)
ServerOAuth2AuthorizedClientRepository if the current request is
unauthenticated (or anonymous).A
ReactiveAuthorizationManager that determines if the current user is
authenticated.Deprecated.
Use
AuthorityAuthorizationManager
insteadRepresents the token for an authentication request or for an authenticated principal
once the request has been processed by the
AuthenticationManager.authenticate(Authentication) method.A builder based on a given
Authentication instanceExports the authentication
ConfigurationA strategy used for converting from a
HttpServletRequest to an
Authentication of particular type.Deprecated.
Authentication is now separated from authorization.
Thrown if an authentication request is rejected because there is no
Authentication object in the
SecurityContext.Provides a
Authentication.getDetails() object
for a given web request.Used by
ExceptionTranslationFilter to commence an authentication scheme.Adapts a
AuthenticationEntryPoint into a AuthenticationFailureHandlerAbstract superclass for all exceptions related to an
Authentication object
being invalid for whatever reason.A client extension
input entry in the
AuthenticationExtensionsClientInputs.AuthenticationExtensionsClientInputs
is a dictionary containing the
client extension
input values for zero or more
WebAuthn
Extensions.
AuthenticationExtensionsClientOutputs
is a dictionary containing the
client extension
output values for zero or more
WebAuthn
Extensions.
Application event which indicates authentication failure due to invalid credentials
being presented.
Application event which indicates authentication failure due to the user's credentials
having expired.
Application event which indicates authentication failure due to the user's account
being disabled.
Application event which indicates authentication failure due to the user's account
having expired.
Strategy used to handle a failed authentication attempt.
Application event which indicates authentication failure due to the user's account
having been locked.
Application event which indicates authentication failure due to there being no
registered
AuthenticationProvider that can process the request.Application event which indicates authentication failure due to the CAS user's ticket
being generated by an untrusted proxy.
Application event which indicates authentication failure due to there being a problem
internal to the
AuthenticationManager.A
Filter that performs authentication of a particular request.Processes an
Authentication request.Registers the central ProviderManager used by the namespace configuration, and allows
the configuration of an alias, allowing users to reference it in their beans and
clearly see where the name is coming from.
Provider which doesn't provide any service.
SecurityBuilder used to create an AuthenticationManager.Factory bean for the namespace AuthenticationManager, which allows a more meaningful
error message to be reported in the NoSuchBeanDefinitionException, if the user
has forgotten to declare the <authentication-manager> element.
An interface for resolving an
AuthenticationManager based on the provided
contextThe authentication method used when sending bearer access tokens in resource requests
to resource servers.
An
Observation.Context used during authenticationsAn
ObservationConvention for translating authentications into
KeyValues.Converts from the
PayloadExchange for Authentication
Extension.Uses the provided
ReactiveAuthenticationManager to authenticate a Payload.Annotation that is used to resolve
Authentication.getPrincipal() to a method
argument.Deprecated.
Use
AuthenticationPrincipal instead.Allows resolving the
Authentication.getPrincipal() using the
AuthenticationPrincipal annotation.Allows resolving the
Authentication.getPrincipal() using the
AuthenticationPrincipal annotation.Deprecated.
Use
AuthenticationPrincipalArgumentResolver
instead.Allows resolving the
Authentication.getPrincipal() using the
AuthenticationPrincipal annotation.Resolves the Authentication
Indicates a class can process a specific
Authentication implementation.Wraps a UserDetailsService bean with a DaoAuthenticationProvider and registers the
latter with the ProviderManager.
Thrown if an authentication request could not be processed due to a system problem.
Application event which indicates successful authentication.
Strategy used to handle a successful user authentication.
Application event which indicates that a user context switch.
An
Tag implementation that allows convenient access
to the current Authentication object.Evaluates
Authentication tokensBasic implementation of
AuthenticationTrustResolver.Interface that allows for retrieving a UserDetails object based on an
Authentication object.
A
WebFilter that performs authentication of a particular request.The AuthenticatorAssertionResponse
interface represents an
authenticator's response
to a client's request for generation of a new
authentication
assertion given the
WebAuthn Relying
Party's challenge and OPTIONAL list of credentials it is aware of.
Builds a
AuthenticatorAssertionResponse.AuthenticatorAttestationResponse
represents the
authenticator's response
to a client's request for the creation of a new
public key
credential.
Builds
AuthenticatorAssertionResponse.AuthenticatorAttachment
can be used by
WebAuthn Relying
Parties to specify their requirements regarding authenticator attributes.
Creates a
AuthenticatorSelectionCriteriaAuthenticatorTransport
defines hints as to how clients might communicate with a particular authenticator in
order to obtain an assertion for a specific credential.
An
AuthorizationManager that determines if the current user is authorized by
evaluating if the Authentication contains any of the specified authorities.Represents an
AuthorizationDecision based on a collection of authoritiesAn
AuthorizationManager that determines if the current user is authorized by
evaluating if the Authentication contains a specified authority.The AuthorityGranter interface is used to map a given principal to role names.
A
ReactiveAuthorizationManager that determines if the current user is
authorized by evaluating if the Authentication contains a specified authority.Utility method for manipulating GrantedAuthority collections etc.
An interface that indicates method security advice
A proxy factory for applying authorization advice to an arbitrary object.
An interface to handle how the
AuthorizationAdvisorProxyFactory should step
through the target's object hierarchy.Authorizes
Message resources using the provided AuthorizationManagerAn implementation of an
OAuth2AuthorizedClientProvider for the
authorization_code grant.An implementation of a
ReactiveOAuth2AuthorizedClientProvider for the
authorization_code grant.An
ApplicationEvent which indicates failed authorization.An
AccessDeniedException that contains the AuthorizationResultA parent class for
AuthorizationGrantedEvent and
AuthorizationDeniedEvent.A contract for publishing authorization events
Deprecated.
Use
AuthorizationDeniedEvent
insteadAn authorization filter that restricts access to the URL using
AuthorizationManager.An
ApplicationEvent which indicates successful authorization.An authorization grant is a credential representing the resource owner's authorization
(to access its protected resources) to the client and used by the client to obtain an
access token.
Ordering of Spring Security's authorization
AdvisorsAn Authorization manager which can determine if an
Authentication has access to
a specific object.A
MethodInterceptor which can determine if an Authentication has access
to the result of an MethodInvocation using an AuthorizationManagerA
MethodInterceptor which can determine if an Authentication has access
to the returned object from the MethodInvocation using the configured
ReactiveAuthorizationManager.A
MethodInterceptor which uses a AuthorizationManager to determine if
an Authentication may invoke the given MethodInvocationA
MethodInterceptor which can determine if an Authentication has access
to the MethodInvocation using the configured
ReactiveAuthorizationManager.Creates common
AuthorizationManagerFactory instances.A builder that allows creating
DefaultAuthorizationManagerFactory with
additional requirements for RequiredFactors.A factory for creating different kinds of
AuthorizationManager instances.A factory class to create an
AuthorizationManager instances.An implementation of
WebInvocationPrivilegeEvaluator which delegates the checks
to an instance of AuthorizationManagerUsed to transform the
HttpServletRequest prior to passing it into the
AuthorizationManager.An
Observation.Context used during authorizationsAn
ObservationConvention for translating authorizations into KeyValues.Provides authorization of the
PayloadExchange.An interface that is typically implemented by Spring Security's AOP support to identify
an instance as being proxied by Spring Security.
A factory for wrapping arbitrary objects in authorization-related advice
Implementations of this interface are responsible for the persistence of
OAuth2AuthorizationRequest between requests.Represents an authorization result
A context that holds information of the Authorization Server runtime environment.
A holder of the
AuthorizationServerContext that associates it with the current
thread using a ThreadLocal.A facility for authorization server configuration settings.
A builder for
AuthorizationServerSettings.Thrown if an authorization request could not be processed due to a system problem.
An implementation of an
OAuth2AuthorizedClientManager that is capable of
operating outside of the context of a HttpServletRequest, e.g.The default implementation of the
contextAttributesMapper.An implementation of a
ReactiveOAuth2AuthorizedClientManager that is capable of
operating outside of the context of a ServerWebExchange, e.g.The default implementation of the
contextAttributesMapper.Deprecated.
Use
AuthorizationGrantedEvent
insteadAdds a URL based authorization using
AuthorizationManager.Wraps Spring Security method authorization advice around the return object of any
method this annotation is applied to.
A
SecurityHintsRegistrar that scans all beans for methods that use
AuthorizeReturnObject and registers those return objects as
TypeHints.A
SecurityHintsRegistrar that scans all beans for implementations of
RepositoryFactoryBeanSupport, registering the corresponding entity class as a
TypeHint should any if that repository's method
use AuthorizeReturnObject.A
SecurityHintsRegistrar implementation that registers only the classes
provided in the constructor.A method interceptor that applies the given
AuthorizationProxyFactory to any
return value annotated with AuthorizeReturnObjectA class used to get all the
WebSecurityConfigurer instances from the current
ApplicationContext but ignoring the parent.Thrown if an authentication request is rejected because the credentials are invalid.
An exception similar to
BadCredentialsException that
indicates a Jwt that is invalid in some way.An exception similar to
BadCredentialsException that
indicates an opaque token that is invalid in some way.Implementation of
PasswordEncoder
that uses the Password4j library with Balloon hashing algorithm.A StringKeyGenerator that generates base64-encoded String keys.
A set of standard permissions.
Converts from a HttpServletRequest to
UsernamePasswordAuthenticationToken that
can be authenticated.Deprecated.
Basic Authentication did not evolve into a standard.
Deprecated.
Basic Authentication did not evolve into a standard.
Used by the
ExceptionTranslationFilter to commence authentication via the
BasicAuthenticationFilter.Processes a HTTP request's BASIC authorization headers, putting the result into the
SecurityContextHolder.Deprecated.
please use
AuthenticationPayloadExchangeConverter insteadPerforms lookups in a manner that is compatible with ANSI SQL.
BCrypt implements OpenBSD-style Blowfish password hashing using the scheme described in
"A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres.
Implementation of
PasswordEncoder
that uses the Password4j library with BCrypt hashing algorithm.Implementation of PasswordEncoder that uses the BCrypt strong hashing function.
Stores the default bcrypt version for use in configuration.
Contains globally used default Bean IDs for beans created by the namespace support in
Spring Security 2.
Deprecated.
please use
AuthenticationPayloadExchangeConverter insteadTranslates any
AccessDeniedException into an HTTP response in accordance with
RFC 6750
Section 3: The WWW-Authenticate.An
Authentication token that represents a
successful authentication as obtained through a bearer token.A builder preserving the concrete
Authentication typeImplementation of
AuthenticationConverter, that converts request to
BearerTokenAuthenticationTokenEncodes Bearer
Authentication.
An
AuthenticationEntryPoint implementation used to commence authentication of
protected resource requests using BearerTokenAuthenticationFilter.Authenticates requests that contain an OAuth 2.0
Bearer
Token.
An
Authentication that contains a
Bearer
Token.A representation of a
Bearer Token
Error.
Standard error codes defined by the OAuth 2.0 Authorization Framework: Bearer Token
Usage.
A factory for creating
BearerTokenError instances that correspond to the
registered Bearer Token Error
Codes.Represents a bearer token that has been encoded into a
Payload#metadata().A strategy for resolving
Bearer
Tokens from the
HttpServletRequest.Translates any
AccessDeniedException into an HTTP response in accordance with
RFC 6750
Section 3: The WWW-Authenticate.An
AuthenticationEntryPoint implementation used to commence authentication of
protected resource requests using BearerTokenAuthenticationFilter.An authenticator which binds as a user.
An Encryptor equivalent to
AesBytesEncryptor using AesBytesEncryptor.CipherAlgorithm.CBC
that uses Bouncy Castle instead of JCE.An Encryptor equivalent to
AesBytesEncryptor using AesBytesEncryptor.CipherAlgorithm.GCM
that uses Bouncy Castle instead of JCE.An object representation of byte[].
Service interface for symmetric data encryption.
A generator for unique byte array-based keys.
Inserts headers to prevent caching if no cache control headers have been specified.
Writes cache control related headers.
A cache-based
Saml2AuthenticationRequestRepository.An
IterableRelyingPartyRegistrationRepository that lazily queries and caches
metadata from a backing IterableRelyingPartyRegistrationRepository.Implementation of
UserDetailsService that utilizes caching through a
UserCacheTemporary authentication object needed to load the user details service.
Used by the
ExceptionTranslationFilter to commence authentication via the
JA-SIG Central Authentication Service (CAS).Processes a CAS service ticket, obtains proxy granting tickets, and processes proxy
tickets.
An
AuthenticationProvider implementation that integrates with JA-SIG Central
Authentication Service (CAS).Represents a successful CAS
Authentication.A builder of
CasAuthenticationToken instancesRedirects the request to the CAS server appending
gateway=true to the URL.A
RequestMatcher implementation that delegates the check to an instance of
GatewayResolver.Deprecated, for removal: This API element is subject to removal in a future version.
as of 7.0 in favor of
CasJacksonModule based on Jackson 3Jackson module for spring-security-cas.
An
Authentication implementation that is
designed to process CAS service ticket.CasServiceTicketAuthenticationToken.Builder<B extends CasServiceTicketAuthenticationToken.Builder<B>>
A builder of
CasServiceTicketAuthenticationToken instancesUses
HttpServletRequest.changeSessionId() to protect against session fixation
attacks.Deprecated.
In modern Spring Security APIs, each API manages its own configuration
context.
Deprecated.
no replacement is planned, though consider using a custom
RequestMatcher for any sophisticated decision-makingDeprecated.
no replacement is planned, though consider using a custom
RequestMatcher for any sophisticated decision-makingDeprecated.
please use
HttpsRedirectFilter and its
associated PortMapperDeprecated.
Deprecated.
no replacement is planned, though consider using a custom
RequestMatcher for any sophisticated decision-makingDeprecated.
please use
HttpsRedirectConfigurer insteadDeprecated.
Use
AuthorizationChannelInterceptor insteadThrown if an
Acl cannot be deleted because children Acls exist.An "accessor" for a set of claims that may be used for assertions.
A
ConversionService configured with converters that provide type conversion for
claim values.A
Converter that provides type conversion for claim values.Provides support for Clear
Site Data.
Represents the directive values expected by the
ClearSiteDataHeaderWriter.
Writes the
Clear-Site-Data response header when the request is secure.
Represents the directive values expected by the
ClearSiteDataServerHttpHeadersWriterUsed for accessing the attribute that stores the the
ClientRegistration.getRegistrationId().The authentication method used when authenticating the client with the authorization
server.
This exception is thrown on the client side when an attempt to authenticate or
authorize an OAuth 2.0 client fails.
This exception is thrown when an OAuth 2.0 Client is required to obtain authorization
from the Resource Owner.
An implementation of an
OAuth2AuthorizedClientProvider for the
client_credentials grant.An implementation of a
ReactiveOAuth2AuthorizedClientProvider for the
client_credentials grant.A representation of a client registration with an OAuth 2.0 or OpenID Connect 1.0
Provider.
A builder for
ClientRegistration.A facility for client configuration settings.
This annotation can be added to the method of an interface based HTTP client created
using
HttpServiceProxyFactory to
automatically associate an OAuth token with the request.Invokes
ClientAttributes.clientRegistrationId(String) with the value specified
by ClientRegistrationId on the request.A repository for OAuth 2.0 / OpenID Connect 1.0
ClientRegistration(s).Allows creating a
ClientRegistration.Builder from an OpenID
Provider Configuration or
Authorization Server
Metadata based on provided issuer.An
AuthenticationProvider implementation used for OAuth 2.0 Client
Authentication, which authenticates the client_secret parameter.Attempts to extract HTTP Basic credentials from
HttpServletRequest and then
converts to an OAuth2ClientAuthenticationToken used for authenticating the
client.Attempts to extract client credentials from POST parameters of
HttpServletRequest and then converts to an
OAuth2ClientAuthenticationToken used for authenticating the client.A facility for client configuration settings.
A builder for
ClientSettings.Common OAuth2 Providers that can be used to create
builders pre-configured with sensible defaults for the
HttpSecurity.oauth2Login(Customizer) flow.A
HeaderWriter that delegates to several other HeaderWriters.Performs a logout through all the
LogoutHandler implementations.A
RequestRejectedHandler that delegates to several other
RequestRejectedHandlers.Combines multiple
ServerHttpHeadersWriter instances into a single instance.A
SessionAuthenticationStrategy that accepts multiple
SessionAuthenticationStrategy implementations to delegate to.An API for checking if a password has been compromised.
Indicates that the provided password is compromised
Strategy which handles concurrent session-control.
Controls the number of sessions a user can have concurrently authenticated in an
application.
Filter required by concurrent session handling package.
Deprecated.
In modern Spring Security APIs, each API manages its own configuration
context.
The names for all the configuration settings.
The names for authorization server configuration settings.
The names for client configuration settings.
The names for token configuration settings.
Deprecated.
Use
AuthorizationManager insteadA basic implementation of
AuditLogger.
Provides support for Content Security Policy
(CSP) Level 2.
Writes the
Content-Security-Policy response header with configured policy
directives.Adds X-Content-Type-Options: nosniff
A facility for holding information associated to a specific context.
Checks for the presence of a ContextSource instance.
A logout handler which clears either - A defined list of cookie names, using the
context path as the cookie path OR - A given list of Cookies
A
CsrfTokenRepository that persists the CSRF token in a cookie named
"XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of
AngularJS.An Implementation of
RequestCache which saves the original request URI in a
cookie.A
ServerCsrfTokenRepository that persists the CSRF token in a cookie named
"XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of
AngularJS.An implementation of
ServerRequestCache that saves the requested URI in a
cookie.Deprecated, for removal: This API element is subject to removal in a future version.
as of 7.0 in favor of
CoreJacksonModule based on Jackson 3Jackson module for spring-security-core.
Parser for the
CorsFilter.Adds
CorsFilter to the Spring Security filter chain.COSEAlgorithmIdentifier is
used to identify a cryptographic algorithm.
CredentialPropertiesOutput
is the Client extension output.
The output for
CredentialPropertiesOutputRepresents a Credential
Record that is stored by the Relying Party
after
successful registration.
Indicates that the implementing object contains sensitive data, which can be erased
using the
eraseCredentials method.Thrown if an authentication request is rejected because the account's credentials have
expired.
Implements
Credential Protection (credProtect).
Inserts Cross-Origin-Embedder-Policy header.
Inserts Cross-Origin-Embedder-Policy headers.
Inserts the Cross-Origin-Opener-Policy header
Inserts Cross-Origin-Opener-Policy header.
Inserts Cross-Origin-Resource-Policy header
Inserts Cross-Origin-Resource-Policy headers.
CsrfAuthenticationStrategy is in charge of removing the CsrfToken upon
authenticating.Parser for the
CsrfFilter.ChannelInterceptor that validates that a valid CSRF is included in the header
of any SimpMessageType.CONNECT message.Adds
CSRF
protection for the methods as specified by
CsrfConfigurer.requireCsrfProtectionMatcher(RequestMatcher).Thrown when an invalid or missing
CsrfToken is found in the HttpServletRequestThrown when an invalid or missing
CsrfToken is found in the ServerWebExchange
Applies
CSRF
protection using a synchronizer token pattern.
A JSP tag that prints out a hidden form field for the CSRF token.
CsrfLogoutHandler is in charge of removing the CsrfToken upon logout.A JSP tag that prints out a meta tags holding the CSRF form field name and token value
for use in JavaScrip code.
Integration with Spring Web MVC that automatically adds the
CsrfToken into
forms with hidden inputs when using Spring tag libraries.CsrfServerLogoutHandler is in charge of removing the CsrfToken upon
logout.Provides the information about an expected CSRF token.
Allows resolving the current
CsrfToken.Loads a CsrfToken from the HttpServletRequest and HttpServletResponse to populate the
WebSocket attributes.
An API to allow changing the method in which the expected
CsrfToken is
associated to the HttpServletRequest.An implementation of the
CsrfTokenRequestHandler interface that is capable of
making the CsrfToken available as a request attribute and resolving the token
value as either a header or parameter value of the request.A callback interface that is used to make the
CsrfToken created by the
CsrfTokenRepository available as a request attribute.Implementations of this interface are capable of resolving the token value of a
CsrfToken from the provided HttpServletRequest.
Applies
CSRF
protection using a synchronizer token pattern.
Represents a
Permission that is constructed at runtime from other
permissions.Annotation that is used to resolve the
SecurityContext as a method argument.Allows resolving the
Authentication.getPrincipal() using the
CurrentSecurityContext annotation.Allows resolving the
SecurityContext using the CurrentSecurityContext
annotation.Resolves the
SecurityContextCallback interface that accepts a single input argument and returns no result.
Exception that is thrown because of a cycle in the role hierarchy definition
Allows configuring a
DaoAuthenticationProviderAn
AuthenticationProvider implementation that retrieves user details from a
UserDetailsService.Spring Security debugging filter.
The default strategy for obtaining user role information from the active directory.
The default implementation of an
Address Claim.A builder for
DefaultAddressStandardClaim.The default strategy for publishing authentication events.
A factory for creating different kinds of
AuthorizationManager instances.The default
BearerTokenResolver implementation based on RFC 6750.A CSRF token that is used to protect against CSRF attacks.
A CSRF token that is used to protect against CSRF attacks.
Deprecated.
In modern Spring Security APIs, each API manages its own configuration
context.
Default implementation of
GenerateOneTimeTokenRequestResolver.
User's should consider using
StrictHttpFirewall because rather than trying to
sanitize a malicious URL it rejects the malicious URL providing better security
guarantees.A
SecurityExpressionHandler that uses a RequestAuthorizationContext to
create a WebSecurityExpressionRoot.
Creates a LoginContext using the Configuration provided to it.
The default strategy for obtaining user role information from the directory.
This implementation appends a name component to the userDnBase context using
the usernameAttributeName property.
This LoginExceptionResolver simply wraps the LoginException with an
AuthenticationServiceException.
Adds a Filter that will generate a login page if one is not specified otherwise when
using
EnableWebSecurity.For internal use with namespace configuration in the case where a user doesn't
configure a login page.
Generates a default log out page.
A
Converter that converts the provided OAuth 2.0 Access Token Response
parameters to an OAuth2AccessTokenResponse.The default implementation of
SecurityExpressionHandler which uses a
MessageSecurityExpressionRoot.Deprecated.
Use
MessageMatcherDelegatingAuthorizationManager insteadThe standard implementation of
MethodSecurityExpressionHandler.A
Converter that converts the provided OAuth2AccessTokenResponse to a
Map representation of the OAuth 2.0 Access Token Response parameters.A domain object that wraps the attributes of an OAuth 2.0 token.
An implementation of an
OAuth2AuthorizationRequestResolver that attempts to
resolve an OAuth2AuthorizationRequest from the provided
HttpServletRequest using the default request URI pattern
/oauth2/authorization/{registrationId}.The default implementation of an
OAuth2AuthorizedClientManager for use within
the context of a HttpServletRequest.The default implementation of the
contextAttributesMapper.Default implementation of
OAuth2TokenContext.A builder for
DefaultOAuth2TokenContext.Default
Converter used to convert an
AbstractOAuth2AuthorizationGrantRequest to the HttpHeaders of a
RequestEntity representation of an OAuth 2.0 Access Token Request for the
specific Authorization Grant.Default
Converter used to convert an
AbstractOAuth2AuthorizationGrantRequest to the default parameters of an OAuth 2.0 Access Token Request.The default implementation of an
OAuth2User.An implementation of an
OAuth2UserService that supports standard OAuth 2.0
Provider's.The default implementation of an
OidcUser.A default implementation of
OneTimeTokenCreates a default one-time token submit page.
Default implementation of
PayloadExchangeDefault implementation of
PermissionFactory.The default implementation of a
ReactiveOAuth2AuthorizedClientManager for use
within the context of a ServerWebExchange.The default implementation of the
contextAttributesMapper.An implementation of an
ReactiveOAuth2UserService that supports standard OAuth
2.0 Provider's.Simple implementation of RedirectStrategy which is the default used throughout
the framework.
A
Converter that resolves a RelyingPartyRegistration by extracting the
registration id from the request, querying a
RelyingPartyRegistrationRepository, and resolving any template values.Default implementation of
RequestRejectedHandler that simply rethrows the
exception.Serve common static assets used in default UIs, such as CSS or Javascript files.
Serve common static assets used in default UIs, such as CSS or Javascript files.
Deprecated.
Please use
Saml2ResponseAssertionAccessorRepresents central information from a
HttpServletRequest.Standard implementation of
SecurityFilterChain.Spring Security's default
ParameterNameDiscoverer which tries a number of
ParameterNameDiscoverer depending on what is found on the classpath.Default implementation of
ServerGenerateOneTimeTokenRequestResolver.The default implementation of
ServerOAuth2AuthorizationRequestResolver.The default
ServerRedirectStrategy to use.ContextSource implementation which uses Spring LDAP's LdapContextSource as a
base class.
The default implementation of
Token.A
Filter that renders a default WebAuthn registration page.Deprecated.
An interface that allows delayed access to a
CsrfToken that may be generated.An interface that allows delayed access to a
SecurityContext that may be
generated.An
AccessDeniedHandler that delegates to other AccessDeniedHandler
instances based upon the type of AccessDeniedException passed into
DelegatingAccessDeniedHandler.handle(HttpServletRequest, HttpServletResponse, AccessDeniedException).Used for delegating to a number of SmartApplicationListener instances.
A
AuthenticationConverter, that iterates over multiple
AuthenticationConverter.An
AuthenticationEntryPoint which selects a concrete
AuthenticationEntryPoint based on a RequestMatcher evaluation.Used to build a new instance of
DelegatingAuthenticationEntryPoint.An
AuthenticationFailureHandler that delegates to other
AuthenticationFailureHandler instances based upon the type of
AuthenticationException passed into
DelegatingAuthenticationFailureHandler.onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException)
.Delegates to logout handlers based on matched request matchers
Deprecated.
Use the
use-authorization-manager attribute for
<method-security> and <intercept-methods> instead or use
annotation-based or AuthorizationManager-based authorizationA builder for configuring the set of authority/entry-point pairs
An implementation of an
OAuth2AuthorizedClientProvider that simply delegates to
its internal List of OAuth2AuthorizedClientProvider(s).A composite validator
An implementation of an
OAuth2UserService that simply delegates to its internal
List of OAuth2UserService(s).A password encoder that delegates to another PasswordEncoder based upon a prefixed
identifier.
A
ReactiveAuthenticationManager that delegates to other
ReactiveAuthenticationManager instances.An implementation of a
ReactiveOAuth2AuthorizedClientProvider that simply
delegates to its internal List of
ReactiveOAuth2AuthorizedClientProvider(s).Delegates to the provided
HeaderWriter when
RequestMatcher.matches(HttpServletRequest) returns true.An
AsyncTaskExecutor which wraps each Runnable in a
DelegatingSecurityContextRunnable and each Callable in a
DelegatingSecurityContextCallable.
Wraps a delegate
Callable with logic for setting up a SecurityContext
before invoking the delegate Callable and then removing the
SecurityContext after the delegate has completed.An
ExecutorService which wraps each Runnable in a
DelegatingSecurityContextRunnable and each Callable in a
DelegatingSecurityContextCallable.
Wraps a delegate
Runnable with logic for setting up a SecurityContext
before invoking the delegate Runnable and then removing the
SecurityContext after the delegate has completed.An
ScheduledExecutorService which wraps each Runnable in a
DelegatingSecurityContextRunnable and each Callable in a
DelegatingSecurityContextCallable.An
SchedulingTaskExecutor which wraps each Runnable in a
DelegatingSecurityContextRunnable and each Callable in a
DelegatingSecurityContextCallable.An implementation of
TaskScheduler invoking it whenever the trigger indicates a
next execution time.A
ServerAuthenticationConverter that delegates to other
ServerAuthenticationConverter instances.A
ServerAuthenticationEntryPoint which delegates to multiple
ServerAuthenticationEntryPoint based on a ServerWebExchangeMatcherDelegates to a collection of
ServerAuthenticationSuccessHandler
implementations.Delegates to a collection of
ServerLogoutHandler implementations.A null PermissionEvaluator which denies all access.
Used by the
SecurityEnforcementFilter to commence authentication via the
DigestAuthenticationFilter.Processes a HTTP request's Digest authorization headers, putting the result into the
SecurityContextHolder.Thrown if an authentication request is rejected because the account is disabled.
Disables encoding URLs using the
HttpServletResponse to prevent including the
session id in URLs which is not considered URL because the session id can be leaked in
things like HTTP access logs.Checks the
DispatcherType to decide whether to match a given request.An
AuthenticationProvider implementation that is responsible for authenticating
a DPoP-bound access token for a protected resource request.An
Authentication representing a protected resource request with a DPoP-bound
access token.A context class that holds a DPoP Proof
Jwt and additional parameters
associated to an Access Token request or a Protected Resource request.A builder for
DPoPProofContext.A
factory that provides a JwtDecoder for the
specified DPoPProofContext and is used for authenticating a DPoP Proof
Jwt.Contains all the element names used by Spring Security 3 namespace support.
A RequestMatcher implementation which uses a SpEL expression
Provides lifecycle services for an embedded LDAP server.
Creates a
DefaultSpringSecurityContextSource used to perform LDAP
authentication and starts and in-memory LDAP server.The
EnableGlobalAuthentication annotation signals that the annotated class can
be used to configure a global instance of AuthenticationManagerBuilder.Deprecated.
Use
EnableMethodSecurity insteadExposes a
DefaultAuthorizationManagerFactory as a Bean with the
EnableGlobalMultiFactorAuthentication.authorities() specified as additional required authorities.Enables Spring Security Method Security.
Add this annotation to a
Configuration class to have Spring Security
RSocketSecurity support added.Add this annotation to a
Configuration class to have Spring Security WebFlux
support added.Add this annotation to an
@Configuration class to have the Spring Security
configuration defined in any WebSecurityConfigurer or more likely by exposing a
SecurityFilterChain bean:Allows configuring WebSocket Authorization.
Static helper for encoding data.
Factory for commonly used encryptors.
Adapter that wraps an
Enumeration around a Java 2 collection
Iterator.Adds exception handling for Spring Security related exceptions to an application.
Uses the internal map of exceptions types to URLs to determine the destination on
authentication failure.
Handles any
AccessDeniedException and AuthenticationException
thrown within the filter chain.Web filter that redirects requests that match
ServerWebExchangeMatcher to the
specified URL.Represents an
AuthorizationDecision based on a ExpressionDeprecated.
Use
AuthorizationManager
interceptors insteadDeprecated.
In modern Spring Security APIs, each API manages its own configuration
context.
Deprecated.
Use
MessageMatcherDelegatingAuthorizationManager
insteadDeprecated.
Use
AuthorizationManagerAfterMethodInterceptor
insteadDeprecated.
Use
AuthorizationManagerAfterMethodInterceptor
insteadUses an expression for extracting the token claim value to use for mapping
authorities.Provides a mechanism for providing custom values from enum types used in security
meta-annotation expressions.
An
AuthorizationResult that contains RequiredFactorError.A
GrantedAuthority specifically used for indicating the factor used at time of
authentication.Builder for
FactorGrantedAuthority.Utility class to generate HTTP dates.
Provides support for Feature
Policy.
Writes the
Feature-Policy response header with configured policy directives.Offers static methods for directly manipulating fields.
LdapUserSearch implementation which uses an Ldap filter to locate the user.
Sets the filter chain Map for a FilterChainProxy bean declaration.
Delegates
Filter requests to a list of Spring-managed filter beans.A strategy for decorating the provided filter chain with one that accounts for the
SecurityFilterChain for a given request.A
FilterChainProxy.FilterChainDecorator that uses the FilterChainProxy.VirtualFilterChainHolds objects associated with a HTTP filter.
Deprecated.
In modern Spring Security APIs, each API manages its own configuration
context.
Deprecated.
Use `use-authorization-manager` property instead
Deprecated.
Use
AuthorizationFilter insteadRequest wrapper which is returned by the
HttpFirewall interface.Eagerly creates
HttpSession if it does not already exist.Adds form based authentication.
Redirect using an auto-submitting HTML form using the POST method.
Redirect using an auto-submitting HTML form using the POST method.
Forward Authentication Failure Handler
Forward Authentication Success Handler
LogoutSuccessHandler implementation that will perform a request dispatcher
"forward" to the specified target URL.Filter that process a One-Time Token generation request.
Class to store information related to an One-Time Token authentication request
A strategy for resolving a
GenerateOneTimeTokenRequest from the
HttpServletRequest.WebFilter implementation that process a One-Time Token generation request.A
SecurityConfigurer that can be exposed as a bean to configure the global
AuthenticationManagerBuilder.Deprecated.
Use
MethodSecurityBeanDefinitionParser insteadDeprecated.
Use
PrePostMethodSecurityConfiguration,
SecuredMethodSecurityConfiguration, or
Jsr250MethodSecurityConfiguration insteadConfig for global jaas.
Indicates that a object stores GrantedAuthority objects.
Mapping interface which can be injected into the authentication layer to convert the
authorities loaded from storage into those which will be used in the
Authentication object.Represents an authority granted to an
Authentication object.Allows providing defaults for
GrantedAuthorityPopulates the
GrantedAuthoritys for a user by
reading a list of attributes that were returned as part of the CAS response.Represents a
GrantedAuthority as a Sid.Allows management of groups of authorities and their members.
Annotation for specifying handling behavior when an authorization denied happens in
method security or an
AuthorizationDeniedException is
thrown during method invocationChecks if the provided password was leaked by relying on
Have I Been Pwned REST
API.
Checks if the provided password was leaked by relying on
Have I Been Pwned REST
API.
Represents a Header to be added to the
HttpServletResponseGeneric resolver extracting pre-authenticated JWT identity from a custom header.
Parser for the
HeadersFilter.
Adds the Security HTTP headers to the response.
Contract for writing headers to a
HttpServletResponseFilter implementation to add headers to the current response.
A
ServerLogoutHandler implementation which writes HTTP headers during logout.Hex data encoder.
Deprecated.
see Certificate
and Public Key Pinning for more context
Provides support for HTTP Strict
Transport Security (HSTS).
In the pre-authenticated authentication case (unlike CAS, for example) the user will
already have been identified through some external mechanism and a secure context
established by the time the security-enforcement filter is invoked.
Adds HTTP basic based authentication.
Prompts a user for HTTP Basic authentication.
Interface which can be used to reject potentially dangerous requests and/or wrap them
to control their behaviour.
Injects the supplied
HttpFirewall bean reference into the
FilterChainProxy.Invokes a
ServerHttpHeadersWriter on
ReactiveHttpOutputMessage.beforeCommit(java.util.function.Supplier).An
AuthenticationSuccessHandler that writes a JSON response with the redirect
URL and an authenticated status similar to:
{
"redirectUrl": "/user/profile",
"authenticated": true
}
A response object used to write the JSON response for successful authentication.
A
HttpSecurity is similar to Spring Security's XML <http> element in the
namespace configuration.Sets up HTTP security: filter stack and protected URLs.
Published by the
HttpSessionEventPublisher when an HttpSession is
created by the containerPublished by the
HttpSessionEventPublisher when a HttpSession is removed from
the containerDeclared in web.xml as
Published by the
HttpSessionEventPublisher when an HttpSession ID is
changed.An implementation of an
Saml2LogoutRequestRepository that stores
Saml2LogoutRequest in the HttpSession.An implementation of an
AuthorizationRequestRepository that stores
OAuth2AuthorizationRequest in the HttpSession.An implementation of an
OAuth2AuthorizedClientRepository that stores
OAuth2AuthorizedClient's in the HttpSession.A
PublicKeyCredentialRequestOptionsRepository that stores the
PublicKeyCredentialRequestOptions in the
HttpSession.RequestCache which stores the SavedRequest in the HttpSession.A
Saml2AuthenticationRequestRepository implementation that uses
HttpSession to store and retrieve the
AbstractSaml2AuthenticationRequestA
SecurityContextRepository implementation which stores the security context in
the HttpSession between requests.Specifies for what requests the application should redirect to HTTPS.
Redirects any non-HTTPS request to its HTTPS equivalent.
Redirects any non-HTTPS request to its HTTPS equivalent.
An
AccessDeniedHandler that sends an HttpStatus as a response.An
AuthenticationEntryPoint that sends a generic HttpStatus as a
response.A simple implementation of
ServerExchangeRejectedHandler that sends an error
with configurable status code.A simple implementation of
RequestRejectedHandler that sends an error with
configurable status code.Implementation of the
LogoutSuccessHandler.Implementation of the
ServerLogoutSuccessHandler.Sets the provided HTTP Status when access is denied.
A
ServerAuthenticationEntryPoint that sends a generic HttpStatus as a
response.Thrown if an ACL identity could not be extracted from an object.
A
ClaimAccessor for the "claims" that can be returned in the ID
Token, which provides information about the authentication of an End-User by an
Authorization Server.The names of the "claims" defined by the OpenID Connect Core 1.0
specification that can be returned in the ID Token.
An immutable
AuthenticationExtensionsClientInput.An immutable implementation of
AuthenticationExtensionsClientInputs.An immutable implementation of
AuthenticationExtensionsClientOutputs.An immutable
CredentialRecord.An immutable
PublicKeyCoseAn immutable implementation of
PublicKeyCredentialCreationOptionsRequest.PublicKeyCredentialUserEntity
is used to supply additional
user account attributes
when creating a new credential.
Used to build
PublicKeyCredentialUserEntity.Contains the information necessary to register a new Credential.
UserDetails implementation whose properties are based on a subset of the LDAP schema
for inetOrgPerson.
A
ClientRegistrationRepository that stores ClientRegistration(s)
in-memory.
An in memory representation of a JAAS configuration.
An
OAuth2AuthorizationConsentService that stores
OAuth2AuthorizationConsent's in-memory.An
OAuth2AuthorizationService that stores OAuth2Authorization's
in-memory.An
OAuth2AuthorizedClientService that stores Authorized Client(s) in-memory.An in-memory implementation of
OidcSessionRegistryProvides an in-memory implementation of the
OneTimeTokenService interface that
uses a ConcurrentHashMap to store the generated OneTimeToken.A Reactive
ClientRegistrationRepository that stores
ClientRegistration(s) in-memory.An
OAuth2AuthorizedClientService that stores Authorized Client(s) in-memory.An in-memory implementation of
ReactiveOidcSessionRegistryReactive adapter for
InMemoryOneTimeTokenServiceProvides an in-memory implementation of
ReactiveSessionRegistry.A
RegisteredClientRepository that stores RegisteredClient(s) in-memory.An in-memory implementation of
RelyingPartyRegistrationRepository.An in memory implementation of Spring's
Resource
interface.Simple PersistentTokenRepository implementation backed by a Map.
Non-persistent implementation of
UserDetailsManager which is backed by an
in-memory map.Configures an
AuthenticationManagerBuilder
to have in memory authentication.Deprecated.
no replacement is planned, though consider using a custom
RequestMatcher for any sophisticated decision-makingThrown if an authentication request is rejected because the credentials are not
sufficiently trusted.
Indicates an interactive authentication was successful.
Deprecated.
Use delegation with
AuthorizationManager
Thrown if an authentication request could not be processed due to a system problem that
occurred internally.
Implementation of
ServerMaximumSessionsExceededHandler that invalidates the
least recently used ReactiveSessionInformation and removes the related sessions
from the WebSessionStore.An
OAuth2AuthenticationException that indicates an invalid bearer token.Exception thrown by a RememberMeServices implementation to indicate that a submitted
cookie is of an invalid format or has expired.
Thrown when an expected
CsrfToken exists, but it does not match the value
present on the HttpServletRequestAn
AuthenticationException that indicates an invalid one-time token.An adapter of
InvalidSessionStrategy to AccessDeniedHandlerDetermines the behaviour of the
SessionManagementFilter when an invalid session
Id is submitted and detected in the SessionManagementFilter.A
AuthorizationManager, that determines if the current request contains the
specified address or range of addressesMatches a request based on IP Address or subnet mask matching against the remote
address.
A
ReactiveAuthorizationManager, that determines if the current request contains
the specified address or range of addressesMatches a request based on IP Address or subnet mask matching against the remote
address.
An interface that simplifies APIs which require the
RelyingPartyRegistrationRepository to also be IterableImplementation of AuthenticationDetailsSource which converts the user's J2EE roles (as
obtained by calling
HttpServletRequest.isUserInRole(String)) into
GrantedAuthoritys and stores these in the authentication details object.This AbstractPreAuthenticatedProcessingFilter implementation is based on the J2EE
container-based authentication mechanism.
A
Filter which attempts to obtain a JAAS Subject and continue
the FilterChain running as that Subject.The JaasAuthenticationCallbackHandler is similar to the
javax.security.auth.callback.CallbackHandler interface in that it defines a handle
method.
Parent class for events fired by the
JaasAuthenticationProvider.Fired when LoginContext.login throws a LoginException, or if any other exception is
thrown during that time.
An
AuthenticationProvider implementation that retrieves user details from a
JAAS login configuration.Fired by the
JaasAuthenticationProvider after successfully logging the user into the LoginContext,
handling all callbacks, and calling all AuthorityGranters.UsernamePasswordAuthenticationToken extension to carry the Jaas LoginContext that the
user was logged into
A builder of
JaasAuthenticationToken instancesGrantedAuthority which, in addition to the assigned role, holds the principal
that an AuthorityGranter used as a reason to grant this authority.The most basic Callbacks to be handled when using a LoginContext from JAAS, are the
NameCallback and PasswordCallback.
The most basic Callbacks to be handled when using a LoginContext from JAAS, are the
NameCallback and PasswordCallback.
Holds the Subject of the currently authenticated user, since this Jaas object also has
the credentials, and permits creating new credentials against other Kerberos services.
JAAS utility functions.
Simple JDBC-based implementation of
AclService.A JDBC implementation of
AssertingPartyMetadataRepository.UserDetailsService implementation which retrieves the user details (username,
password, enabled flag, and authorities) from a database using JDBC queries.
Provides a base JDBC implementation of
MutableAclService.A JDBC implementation of an
OAuth2AuthorizationConsentService that uses a
JdbcOperations for OAuth2AuthorizationConsent persistence.A JDBC implementation of an
OAuth2AuthorizationService that uses a
JdbcOperations for OAuth2Authorization persistence.The default
Function that maps OAuth2Authorization to a
List of SqlParameterValue using an instance of Jackson 3's
JsonMapper.The default
RowMapper that maps the current row in
java.sql.ResultSet to OAuth2Authorization using Jackson 3's
JsonMapper to read all Map<String,Object> within the result.Deprecated, for removal: This API element is subject to removal in a future version.
Use
JdbcOAuth2AuthorizationService.JsonMapperOAuth2AuthorizationParametersMapper to migrate to
Jackson 3.Deprecated, for removal: This API element is subject to removal in a future version.
Use
JdbcOAuth2AuthorizationService.JsonMapperOAuth2AuthorizationRowMapper to switch to Jackson
3.A JDBC implementation of an
OAuth2AuthorizedClientService that uses a
JdbcOperations for OAuth2AuthorizedClient persistence.A holder for an
OAuth2AuthorizedClient and End-User Authentication
(Resource Owner).The default
Function that maps JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder to a
List of SqlParameterValue.A JDBC implementation of an
OneTimeTokenService that uses a
JdbcOperations for OneTimeToken persistence.A JDBC implementation of an
PublicKeyCredentialUserEntityRepository that uses a
JdbcOperations for PublicKeyCredentialUserEntity persistence.A JDBC implementation of a
RegisteredClientRepository that uses a
JdbcOperations for RegisteredClient persistence.JDBC based persistent login token repository implementation.
A JDBC implementation of an
UserCredentialRepository that uses a
JdbcOperations for CredentialRecord persistence.Jdbc user management service, based on the same table structure as its parent class,
JdbcDaoImpl.
Configures an
AuthenticationManagerBuilder
to have JDBC authentication.Adds support for J2EE pre authentication.
The Registered Header Parameter Names defined by the JSON Web Token (JWT), JSON Web
Signature (JWS) and JSON Web Encryption (JWE) specifications that may be contained in
the JOSE Header of a JWT.
A JSP
Tag implementation of AbstractAuthorizeTag.An
AuthorizationManager which can determine if an Authentication may
invoke the MethodInvocation by evaluating if the Authentication
contains a specified authority from the JSR-250 security annotations.Deprecated.
Use
Jsr250AuthorizationManager
insteadDeprecated.
Deprecated.
Use
Jsr250AuthorizationManager
insteadSuper interface for cryptographic algorithms defined by the JSON Web Algorithms (JWA)
specification and used by JSON Web Signature (JWS) to digitally sign or create a MAC of
the contents and JSON Web Encryption (JWE) to encrypt the contents.
Super interface for cryptographic algorithms defined by the JSON Web Algorithms (JWA)
specification and used by JSON Web Signature (JWS) to digitally sign or create a MAC of
the contents of the JWS Protected Header and JWS Payload.
The cryptographic algorithms defined by the JSON Web Algorithms (JWA) specification and
used by JSON Web Signature (JWS) to digitally sign or create a MAC of the contents of
the JWS Protected Header and JWS Payload.
The JSON Web Signature (JWS) header is a JSON object representing the header parameters
of a JSON Web Token, that describe the cryptographic operations used to digitally sign
or create a MAC of the contents of the JWS Protected Header and JWS Payload.
A builder for
JwsHeader.An implementation of an
AbstractOAuth2Token representing a JSON Web Token
(JWT).Helps configure a
JwtValidates that the "aud" claim in a
Jwt matches a configured value.An
AuthenticationProvider implementation of the Jwt-encoded
Bearer
Tokens for protecting OAuth 2.0 Resource Servers.A builder for
JwtAuthenticationToken instancesA JWT Bearer Grant request that holds a
Jwt assertion.An implementation of an
OAuth2AuthorizedClientProvider for the
jwt-bearer grant.An implementation of an
ReactiveOAuth2AuthorizedClientProvider for the
jwt-bearer grant.A
ClaimAccessor for the "claims" that may be contained in the JSON
object JWT Claims Set of a JSON Web Token (JWT).The Registered Claim Names defined by the JSON Web Token (JWT) specification that may
be contained in the JSON object JWT Claims Set.
The
JWT Claims Set is a JSON object representing the claims conveyed by a
JSON Web Token.A builder for
JwtClaimsSet.Attempts to extract a JWT client assertion credential from
HttpServletRequest
and then converts to an OAuth2ClientAuthenticationToken used for authenticating
the client.An
AuthenticationProvider implementation used for OAuth 2.0 Client
Authentication, which authenticates the Jwt
client_assertion parameter.A
factory that provides a JwtDecoder for the
specified RegisteredClient and is used for authenticating a Jwt Bearer
Token during OAuth 2.0 Client Authentication.Implementations of this interface are responsible for "decoding" a JSON Web
Token (JWT) from its compact claims representation format to a
Jwt.A factory for
JwtDecoder(s).An exception thrown when a
JwtDecoder or ReactiveJwtDecoder's lazy
initialization fails.Allows creating a
JwtDecoder from an OpenID
Provider Configuration or
Authorization Server Metadata
Request based on provided issuer and method invoked.Implementations of this interface are responsible for encoding a JSON Web Token (JWT)
to its compact claims representation format.
A holder of parameters containing the JWS headers and JWT Claims Set.
An
OAuth2TokenContext implementation used when encoding a Jwt.A builder for
JwtEncodingContext.This exception is thrown when an error occurs while attempting to encode a JSON Web
Token (JWT).
Base exception for all JSON Web Token (JWT) related errors.
Extracts the
GrantedAuthoritys from scope attributes typically found in a
Jwt.An implementation of
AuthenticationManagerResolver that resolves a JWT-based
AuthenticationManager based on the Issuer in
a signed JWT (JWS).An implementation of
ReactiveAuthenticationManagerResolver that resolves a
JWT-based ReactiveAuthenticationManager based on the Issuer in
a signed JWT (JWS).Validates the "iss" claim in a
Jwt, that is matches a configured valueA
ReactiveAuthenticationManager for Jwt tokens.An implementation of
OAuth2TokenValidator for verifying claims in a Jwt-based
access tokenA validator for the
typ header.An exception that results from an unsuccessful
OAuth2TokenValidatorResultProvides factory methods for creating
OAuth2TokenValidator<Jwt>A class for building a validator that conforms to
RFC 9068.
AuthenticationProvider for kerberos.Implementation of an
LdapContextSource that authenticates with the ldap server
using Kerberos.
Allows creating tickets against other service principals storing the tickets in the
KerberosAuthentication's JaasSubjectHolder.
RestTemplate that is able to make kerberos SPNEGO authenticated REST requests.KerberosSecurityTestcase provides a base class for using MiniKdc with other testcases.
Authentication Provider which validates Kerberos Service Tickets or SPNEGO Tokens
(which includes Kerberos Service Tickets).
Holds the Kerberos/SPNEGO token for requesting a kerberized service and is also the
output of
KerberosServiceAuthenticationProvider.Result of ticket validation
Implementations of this interface are used in
KerberosServiceAuthenticationProvider to validate a Kerberos/SPNEGO Ticket.
Holds the Username/Password as well as the JAAS Subject allowing multi-tier
authentications using Kerberos.
Basic implementation of
TokenService that is compatible with clusters and
across machine restarts, without requiring database persistence.Factory for commonly used key generators.
An
AuthenticationProvider
implementation that authenticates against an LDAP server.Configures LDAP
AuthenticationProvider in the ProviderManagerBuilder.The strategy interface for locating and authenticating an Ldap user.
Obtains a list of granted authorities for an Ldap user.
An authority that contains at least a DN and a role name for an LDAP entry but can also
contain other desired attributes to be fetched during an LDAP authority search.
Creates an
AuthenticationManager that can perform LDAP authentication using
bind authentication.Deprecated, for removal: This API element is subject to removal in a future version.
as of 7.0 in favor of
LdapJacksonModule based on Jackson 3Jackson module for
spring-security-ldap.Creates an
AuthenticationManager that can perform LDAP authentication using
password comparison.Ldap authentication provider namespace configuration.
Deprecated.
Digest based password encoding is not considered secure.
Captures the information for a user's LDAP entry.
A UserDetails implementation which is used internally by the Ldap services.
Variation of essence pattern.
An Ldap implementation of UserDetailsManager.
The context mapper used by the LDAP authentication provider to create an LDAP user
object.
LDAP implementation of UserDetailsService based around an
LdapUserSearch and an
LdapAuthoritiesPopulator.Constructs an Ldap Distinguished Name from a username.
Obtains a user's information from the LDAP directory given a login name.
LDAP Utility methods.
An API for notifying when the
SecurityContext changes.Thrown if an authentication request is rejected because the account is locked.
Deprecated.
Logging is now embedded in Spring Security components.
Outputs authentication-related application events to Commons Logging.
The JaasAuthenticationProvider takes an instance of LoginExceptionResolver to resolve
LoginModule specific exceptions to Spring Security AuthenticationExceptions.
Generates a default log in page used for authenticating users.
Used by the
ExceptionTranslationFilter to commence a form login authentication
via the UsernamePasswordAuthenticationFilter.Adds logout support.
Logs a principal out.
Indicates a class that is able to participate in logout handling.
Generates a default log out page.
Application event which indicates successful logout
A logout handler which publishes
LogoutSuccessEventStrategy that is called after a successful logout by the
LogoutFilter, to
handle redirection or forwarding to the appropriate destination.A
ClaimAccessor for the "claims" that can be returned in OIDC Logout
TokensThe names of the "claims" defined by the OpenID Back-Channel Logout 1.0
specification that can be returned in a Logout Token.
If the request matches, logs an authenticated user out by delegating to a
ServerLogoutHandler.Performs lookups for
AclService.An enumeration of the cryptographic algorithms defined by the JSON Web Algorithms (JWA)
specification and used by JSON Web Signature (JWS) to create a MAC of the contents of
the JWS Protected Header and JWS Payload.
This class implements the Attributes2GrantedAuthoritiesMapper and
MappableAttributesRetriever interfaces based on the supplied Map.
Deprecated.
Use the
use-authorization-manager attribute for
<method-security> and <intercept-methods> instead or use
annotation-based or AuthorizationManager-based authorizationInterface to be implemented by classes that can retrieve a list of mappable security
attribute strings (for example the list of all available J2EE roles in a web or EJB
application).
Converts a JWT claim set, claim by claim.
A
Map based implementation of PublicKeyCredentialUserEntityRepository.A
Map based implementation of ReactiveUserDetailsServiceA
Map based implementation of RequiredAuthoritiesRepository.A
Map based implementation of UserCredentialRepository.A
SecurityWebFilterChain that leverages a ServerWebExchangeMatcher to
determine which WebFilter to execute.Defines the
RequestMatcher types supported by the namespace.Deprecated.
Digest based password encoding is not considered secure.
Allows matching
HttpServletRequest based upon the MediaType's resolved
from a ContentNegotiationStrategy.Matches based upon the accept headers.
An
Message authorization context.An expression handler for
MessageAuthorizationContext.Deprecated.
Digest based password encoding is not considered secure.
Deprecated.
Use
MessageMatcherDelegatingAuthorizationManager
insteadAPI for determining if a
Message should be matched on.The result of matching against a
Message contains the status, true or
false, of the match and if present, any variables extracted from the matchA builder for
MessageMatcherDelegatingAuthorizationManager.Deprecated.
The
SecurityExpressionRoot used for Message expressions.Deprecated.
Use
MessageMatcherDelegatingAuthorizationManager insteadAn interface used to define a strategy to handle denied method invocations
An expression-based
AuthorizationManager that determines the access by
evaluating the provided expression against the MethodInvocation.Deprecated.
This class will be removed from the public API.
Deprecated.
Use
AuthorizationManager
insteadA context object that contains a
MethodInvocation and the result of that
MethodInvocation.Static utility methods for creating
MethodInvocations usable within Spring
Security.Processes the top-level "method-security" element.
Extended expression-handler facade which adds methods which are specific to securing
method invocations.
Interface which must be implemented if you want to use filtering in method security
expressions.
Deprecated.
Please use
AuthorizationManagerBeforeMethodInterceptor
and
AuthorizationManagerAfterMethodInterceptor
insteadDeprecated.
Use the
use-authorization-manager attribute for
<method-security> and <intercept-methods> instead or use
annotation-based or AuthorizationManager-based authorizationDeprecated.
Use
EnableMethodSecurity or publish interceptors directlyDeprecated.
Use
<intercept-methods>, <method-security>, or
@EnableMethodSecurityMini KDC based on Apache Directory Server that can be embedded in testcases or used
from command line as a standalone KDC.
Thrown when no expected
CsrfToken is found but is required.A mutable Acl.
Provides support for creating and storing
Acl instances.A
RequestMatcher that will negate the RequestMatcher passed in.Negates the provided matcher.
A LDAP authority populator that can recursively search static nested groups.
A
Filter that processes JWK Set requests.A
Converter that customizes the OAuth 2.0 Access Token Request parameters by
adding a signed JSON Web Token (JWS) to be used for client authentication at the
Authorization Server's Token Endpoint.NimbusJwtClientAuthenticationParametersConverter.JwtClientAuthenticationContext<T extends AbstractOAuth2AuthorizationGrantRequest>
A context that holds client authentication-specific state and is used by
NimbusJwtClientAuthenticationParametersConverter when attempting to
customize the JSON Web Token (JWS) client assertion.A low-level Nimbus implementation of
JwtDecoder which takes a raw Nimbus
configuration.A builder for creating
NimbusJwtDecoder instances based on a
JWK Set
uri.A builder for creating
NimbusJwtDecoder instances based on a
JWKSource.A builder for creating
NimbusJwtDecoder instances based on a public key.A builder for creating
NimbusJwtDecoder instances based on a
SecretKey.An implementation of a
JwtEncoder that encodes a JSON Web Token (JWT) using the
JSON Web Signature (JWS) Compact Serialization format.A builder for creating
NimbusJwtEncoder instances configured with a
KeyPair.A builder for creating
NimbusJwtEncoder instances configured with a
SecretKey.An implementation of a
ReactiveJwtDecoder that "decodes" a JSON Web
Token (JWT) and additionally verifies its digital signature if the JWT is a JSON Web
Signature (JWS).A builder for creating
NimbusReactiveJwtDecoder instances based on a
JWK Set
uri.A builder for creating
NimbusReactiveJwtDecoder instances.A builder for creating
NimbusReactiveJwtDecoder instances based on a public
key.A builder for creating
NimbusReactiveJwtDecoder instances based on a
SecretKey.Thrown if an authentication request is rejected because the digest nonce has expired.
An
AccessDeniedHandler implementation that does nothing.An
AuthenticationEntryPoint implementation that does nothing.Deprecated.
This PasswordEncoder is not secure.
An implementation of
ServerRequestCache that does nothing.A do nothing implementation of
ServerSecurityContextRepository.Thrown if an ACL-related object cannot be found.
Implementation of
NullRememberMeServices that does nothing.Null implementation of RequestCache.
An implementation of
MethodAuthorizationDeniedHandler that return null.Implementation of @link
StatelessTicketCache that has no backing cache.Does not perform any caching.
An implementation of an
AbstractOAuth2Token representing an OAuth 2.0 Access
Token.Access Token Types.
An
OAuth2AuthenticationContext that holds an
OAuth2AccessTokenAuthenticationToken and additional information and is used
when customizing the OAuth2AccessTokenResponse.A builder for
OAuth2AccessTokenAuthenticationContext.An
Authentication implementation used when issuing an OAuth 2.0 Access Token
and (optional) Refresh Token.A representation of an OAuth 2.0 Access Token Response.
A builder for
OAuth2AccessTokenResponse.An implementation of an
AuthenticationSuccessHandler used for handling an
OAuth2AccessTokenAuthenticationToken and returning the
Access Token Response.A strategy for "exchanging" an authorization grant credential (e.g.
A
HttpMessageConverter for an OAuth 2.0 Access
Token Response.An
AuthenticatedPrincipal that represents the principal associated with an
OAuth 2.0 token.A context that holds an
Authentication and (optionally) additional information
and is used in an AuthenticationProvider.OAuth2AuthenticationContext.AbstractBuilder<T extends OAuth2AuthenticationContext,B extends OAuth2AuthenticationContext.AbstractBuilder<T,B>>
A builder for subclasses of
OAuth2AuthenticationContext.This exception is thrown for all OAuth 2.0 related
Authentication errors.An implementation of an
AbstractAuthenticationToken that represents an OAuth
2.0 Authentication.A builder of
OAuth2AuthenticationToken instancesA representation of an OAuth 2.0 Authorization, which holds state related to the
authorization granted to a
client, by the
resource owner or itself in the case of the
client_credentials grant type.A builder for
OAuth2Authorization.A holder of an OAuth 2.0 Token and it's associated metadata.
An implementation of an
AbstractOAuth2Token representing an OAuth 2.0
Authorization Code Grant.Attempts to extract an Access Token Request from
HttpServletRequest for the
OAuth 2.0 Authorization Code Grant and then converts it to an
OAuth2AuthorizationCodeAuthenticationToken used for authenticating the
authorization grant.An implementation of an
AuthenticationProvider for the OAuth 2.0 Authorization
Code Grant.An
AuthenticationProvider implementation for the OAuth 2.0 Authorization Code
Grant.An
AbstractAuthenticationToken for the OAuth 2.0 Authorization Code Grant.An
Authentication implementation used for the OAuth 2.0 Authorization Code
Grant.A
Filter for the OAuth 2.0 Authorization Code Grant, which handles the
processing of the OAuth 2.0 Authorization Response.An OAuth 2.0 Authorization Code Grant request that holds an Authorization Code
credential, which was granted by the Resource Owner to the
Client.A
Filter for the OAuth 2.0 Authorization Code Grant, which handles the
processing of the OAuth 2.0 Authorization Response.An implementation of an
AuthenticationProvider for OAuth
2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow.An
OAuth2AuthenticationContext that holds an
OAuth2AuthorizationCodeRequestAuthenticationToken and additional information
and is used when validating the OAuth 2.0 Authorization Request parameters, as well as,
determining if authorization consent is required.A builder for
OAuth2AuthorizationCodeRequestAuthenticationContext.Attempts to extract an Authorization Request from
HttpServletRequest for the
OAuth 2.0 Authorization Code Grant and then converts it to an
OAuth2AuthorizationCodeRequestAuthenticationToken OR
OAuth2PushedAuthorizationRequestAuthenticationToken used for authenticating the
request.This exception is thrown by
OAuth2AuthorizationCodeRequestAuthenticationProvider when an attempt to
authenticate the OAuth 2.0 Authorization Request (or Consent) fails.An
AuthenticationProvider implementation for the OAuth 2.0 Authorization
Request used in the Authorization Code Grant.An
Authentication implementation for the OAuth 2.0 Authorization Request used
in the Authorization Code Grant.A
Consumer providing access to the
OAuth2AuthorizationCodeRequestAuthenticationContext containing an
OAuth2AuthorizationCodeRequestAuthenticationToken and is the default
authentication validator used for validating specific OAuth 2.0 Authorization Request
parameters used in the Authorization Code Grant.A representation of an OAuth 2.0 "consent" to an Authorization request, which holds
state related to the set of
authorities granted to a
client by the resource
owner.A builder for
OAuth2AuthorizationConsent.An
OAuth2AuthenticationContext that holds an
OAuth2AuthorizationConsent.Builder and additional information and is used when
customizing the building of the OAuth2AuthorizationConsent.A builder for
OAuth2AuthorizationConsentAuthenticationContext.Attempts to extract an Authorization Consent from
HttpServletRequest for the
OAuth 2.0 Authorization Code Grant and then converts it to an
OAuth2AuthorizationConsentAuthenticationToken used for authenticating the
request.An
AuthenticationProvider implementation for the OAuth 2.0 Authorization
Consent used in the Authorization Code Grant.An
Authentication implementation for the OAuth 2.0 Authorization Consent used
in the Authorization Code Grant.Implementations of this interface are responsible for the management of
OAuth 2.0 Authorization Consent(s).A context that holds authorization-specific state and is used by an
OAuth2AuthorizedClientProvider when attempting to authorize (or re-authorize)
an OAuth 2.0 Client.A builder for
OAuth2AuthorizationContext.Configurer for the OAuth 2.0 Authorization Endpoint.
A
Filter for the OAuth 2.0 Authorization Code Grant, which handles the
processing of the OAuth 2.0 Authorization Request and Consent.Base exception for OAuth 2.0 Authorization errors.
An "exchange" of an OAuth 2.0 Authorization Request and Response for the
authorization code grant type.
Handles when an OAuth 2.0 Client fails to authorize (or re-authorize) via the
Authorization Server or Resource Server.
Base implementation of an
Authentication representing an OAuth 2.0
Authorization Grant.A convenience class for creating OAuth 2.0-specific
AuthorizationManagers.A representation of an OAuth 2.0 Authorization Request for the authorization code grant
type.
OAuth2AuthorizationRequest.AbstractBuilder<T extends OAuth2AuthorizationRequest,B extends OAuth2AuthorizationRequest.AbstractBuilder<T,B>>
A builder for subclasses of
OAuth2AuthorizationRequest.A builder for
OAuth2AuthorizationRequest.A factory of customizers that customize the
OAuth 2.0
Authorization Request via the OAuth2AuthorizationRequest.Builder.This
Filter initiates the authorization code grant flow by redirecting the
End-User's user-agent to the Authorization Server's Authorization Endpoint.This
WebFilter initiates the authorization code grant flow by redirecting the
End-User's user-agent to the Authorization Server's Authorization Endpoint.Implementations of this interface are capable of resolving an
OAuth2AuthorizationRequest from the provided HttpServletRequest.A representation of an OAuth 2.0 Authorization Response for the authorization code
grant type.
A builder for
OAuth2AuthorizationResponse.The
response_type parameter is consumed by the authorization endpoint which is
used by the authorization code grant type.Configuration for OAuth 2.1 Authorization Server support.An
AbstractHttpConfigurer for OAuth 2.1 Authorization Server support.Deprecated, for removal: This API element is subject to removal in a future version.
as of 7.0 in favor of
org.springframework.security.oauth2.server.authorization.jackson.OAuth2AuthorizationServerJacksonModule
based on Jackson 3Jackson
Module for spring-security-oauth2-authorization-server, that
registers the following mix-in annotations:
OAuth2TokenExchangeActor
OAuth2AuthorizationRequestMixin
OAuth2TokenExchangeCompositeAuthenticationTokenMixin
JwsAlgorithmMixin
OAuth2TokenFormatMixin
If not already enabled, default typing will be automatically enabled as type info is
required to properly serialize/deserialize objects.A representation of an OAuth 2.0 Authorization Server Metadata response, which is
returned from an OAuth 2.0 Authorization Server's Metadata Endpoint, and contains a set
of claims about the Authorization Server's configuration.
Helps configure an
OAuth2AuthorizationServerMetadata.A
ClaimAccessor for the "claims" an Authorization Server describes about its
configuration, used in OAuth 2.0 Authorization Server Metadata and OpenID Connect
Discovery 1.0.The names of the "claims" an Authorization Server describes about its configuration,
used in OAuth 2.0 Authorization Server Metadata and OpenID Connect Discovery 1.0.
Configurer for the OAuth 2.0 Authorization Server Metadata Endpoint.
A
Filter that processes OAuth 2.0 Authorization Server Metadata Requests.A
HttpMessageConverter for an OAuth
2.0 Authorization Server Metadata Response.Implementations of this interface are responsible for the management of
OAuth 2.0 Authorization(s).Handles when an OAuth 2.0 Client has been successfully authorized (or re-authorized)
via the Authorization Server.
A representation of an OAuth 2.0 "Authorized Client".
An implementation of a
HandlerMethodArgumentResolver that is capable of
resolving a method parameter to an argument value of type
OAuth2AuthorizedClient.An implementation of a
HandlerMethodArgumentResolver that is capable of
resolving a method parameter to an argument value of type
OAuth2AuthorizedClient.The identifier for
OAuth2AuthorizedClient.Implementations of this interface are responsible for the overall management of
Authorized Client(s).A strategy for authorizing (or re-authorizing) an OAuth 2.0 Client.
A builder that builds a
DelegatingOAuth2AuthorizedClientProvider composed of
one or more OAuth2AuthorizedClientProvider(s) that implement specific
authorization grants.An event that is published when an
OAuth2AuthorizedClient is refreshed as a
result of using a refresh_token to obtain an OAuth 2.0 Access Token Response.Implementations of this interface are responsible for the persistence of
Authorized Client(s) between requests.Implementations of this interface are responsible for the management of
Authorized Client(s), which provide the purpose of
associating an Access Token credential
to a Client and Resource Owner,
who is the Principal that originally
granted the authorization.Represents a request the
OAuth2AuthorizedClientManager uses to
authorize (or
re-authorize) the client identified by the provided
clientRegistrationId.A builder for
OAuth2AuthorizeRequest.Static factory methods for OAuth2
BodyExtractor implementations.Configurer for OAuth 2.0 Client Authentication.
An
OAuth2AuthenticationContext that holds an
OAuth2ClientAuthenticationToken and additional information and is used when
validating an OAuth 2.0 Client Authentication.A builder for
OAuth2ClientAuthenticationContext.A
Filter that processes an authentication request for an OAuth 2.0 Client.An
Authentication implementation used for OAuth 2.0 Client Authentication.An
AbstractHttpConfigurer for OAuth 2.0 Client support.An
OAuth2AuthenticationContext that holds an
OAuth2ClientCredentialsAuthenticationToken and additional information and is
used when validating the OAuth 2.0 Client Credentials Grant Request.A builder for
OAuth2ClientCredentialsAuthenticationContext.Attempts to extract an Access Token Request from
HttpServletRequest for the
OAuth 2.0 Client Credentials Grant and then converts it to an
OAuth2ClientCredentialsAuthenticationToken used for authenticating the
authorization grant.An
AuthenticationProvider implementation for the OAuth 2.0 Client Credentials
Grant.An
Authentication implementation used for the OAuth 2.0 Client Credentials
Grant.A
Consumer providing access to the
OAuth2ClientCredentialsAuthenticationContext containing an
OAuth2ClientCredentialsAuthenticationToken and is the default
authentication validator used for validating specific OAuth 2.0 Client Credentials
Grant Request parameters.An OAuth 2.0 Client Credentials Grant request that holds the client's credentials in
AbstractOAuth2AuthorizationGrantRequest.getClientRegistration().Provides an easy mechanism for using an
OAuth2AuthorizedClient to make OAuth
2.0 requests by including the access
token as a bearer token.A strategy for resolving a
clientRegistrationId from an intercepted
request.A strategy for resolving a
principal from an intercepted
request.Deprecated, for removal: This API element is subject to removal in a future version.
as of 7.0 in favor of
OAuth2ClientJacksonModule
based on Jackson 3Jackson
Module for spring-security-oauth2-client, that registers the
following mix-in annotations:
OAuth2AuthorizationRequestMixin
ClientRegistrationMixin
OAuth2AccessTokenMixin
OAuth2RefreshTokenMixin
OAuth2AuthorizedClientMixin
OAuth2UserAuthorityMixin
DefaultOAuth2UserMixin
OidcIdTokenMixin
OidcUserInfoMixin
OidcUserAuthorityMixin
DefaultOidcUserMixin
OAuth2AuthenticationTokenMixin
OAuth2AuthenticationExceptionMixin
OAuth2ErrorMixin
A
ClaimAccessor for the claims that are contained in the OAuth 2.0 Client
Registration Request and Response.The names of the claims defined by OAuth 2.0 Dynamic Client Registration Protocol that
are contained in the OAuth 2.0 Client Registration Request and Response.
A representation of an OAuth 2.0 Client Registration Request and Response, which is
sent to and returned from the Client Registration Endpoint, and contains a set of
claims about the Client's Registration information.
Helps configure an
OAuth2ClientRegistration.Attempts to extract an OAuth 2.0 Dynamic Client Registration Request from
HttpServletRequest and then converts to an
OAuth2ClientRegistrationAuthenticationToken used for authenticating the
request.An
AuthenticationProvider implementation for the OAuth 2.0 Dynamic Client
Registration Endpoint.An
Authentication implementation used for the OAuth 2.0 Dynamic Client
Registration Endpoint.Configurer for OAuth 2.0 Dynamic Client Registration Endpoint.
A
Filter that processes OAuth 2.0 Dynamic Client Registration Requests.A
HttpMessageConverter for an OAuth 2.0 Dynamic
Client Registration Request and Response.Attempts to extract a Device Authorization Consent from
HttpServletRequest for
the OAuth 2.0 Device Authorization Grant and then converts it to an
OAuth2DeviceAuthorizationConsentAuthenticationToken used for authenticating the
request.An
AuthenticationProvider implementation for the Device Authorization Consent
used in the OAuth 2.0 Device Authorization Grant.An
Authentication implementation for the Device Authorization Consent used in
the OAuth 2.0 Device Authorization Grant.Configurer for the OAuth 2.0 Device Authorization Endpoint.
A
Filter for the OAuth 2.0 Device Authorization endpoint, which handles the
processing of the OAuth 2.0 Device Authorization Request.Attempts to extract a Device Authorization Request from
HttpServletRequest for
the OAuth 2.0 Device Authorization Grant and then converts it to an
OAuth2DeviceAuthorizationRequestAuthenticationToken used for authenticating the
request.An
AuthenticationProvider implementation for the Device Authorization Request
used in the OAuth 2.0 Device Authorization Grant.An
Authentication implementation for the Device Authorization Request used in
the OAuth 2.0 Device Authorization Grant.A representation of an OAuth 2.0 Device Authorization Response.
A builder for
OAuth2DeviceAuthorizationResponse.A
HttpMessageConverter for an OAuth
2.0 Device Authorization Response.An implementation of an
AbstractOAuth2Token representing a device code as part
of the OAuth 2.0 Device Authorization Grant.Attempts to extract a Device Access Token Request from
HttpServletRequest for
the OAuth 2.0 Device Authorization Grant and then converts it to an
OAuth2DeviceCodeAuthenticationToken used for authenticating the authorization
grant.An
AuthenticationProvider implementation for the Device Access Token Request
used in the OAuth 2.0 Device Authorization Grant.An
Authentication implementation for the Device Access Token Request used in
the OAuth 2.0 Device Authorization Grant.An
OAuth2AuthenticationContext that holds an
OAuth2DeviceVerificationAuthenticationToken and additional information and is
used when determining if authorization consent is required.A builder for
OAuth2DeviceVerificationAuthenticationContext.Attempts to extract a user code from
HttpServletRequest for the OAuth 2.0
Device Authorization Grant and then converts it to an
OAuth2DeviceVerificationAuthenticationToken used for authenticating the
request.An
AuthenticationProvider implementation for the Device Verification Request
(submission of the user code) used in the OAuth 2.0 Device Authorization Grant.An
Authentication implementation for the Device Verification Request
(submission of the user code) used in the OAuth 2.0 Device Authorization Grant.Configurer for the OAuth 2.0 Device Verification Endpoint.
A
Filter for the OAuth 2.0 Device Authorization Grant, which handles the
processing of the Device Verification Request (submission of the user code) and the
Device Authorization Consent.A representation of an OAuth 2.0 Error.
An implementation of an
AuthenticationFailureHandler used for handling an
OAuth2AuthenticationException and returning the OAuth 2.0
Error Response.Standard error codes defined by the OAuth 2.0 Authorization Framework.
A
HttpMessageConverter for an OAuth 2.0 Error.A
ResponseErrorHandler that handles an OAuth 2.0 Error.A domain object that wraps the attributes of OAuth 2.0 Token Introspection.
Base exception for all OAuth 2.0 Introspection related errors
An implementation of an
AbstractAuthenticationProcessingFilter for OAuth 2.0
Login.An implementation of an
AuthenticationProvider for OAuth 2.0 Login, which
leverages the OAuth 2.0 Authorization Code Grant Flow.An
AbstractAuthenticationToken for OAuth 2.0 Login, which leverages the OAuth
2.0 Authorization Code Grant Flow.A specialized
AuthenticationWebFilter that converts from an
OAuth2LoginAuthenticationToken to an OAuth2AuthenticationToken and
saves the OAuth2AuthorizedClientAn
AbstractHttpConfigurer for OAuth 2.0 Login, which leverages the OAuth 2.0
Authorization Code Grant Flow.An implementation of an
AuthenticationProvider for OAuth
2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow.Standard and custom (non-standard) parameter names defined in the OAuth Parameters
Registry and used by the authorization endpoint, token endpoint and token revocation
endpoint.
A representation of an OAuth 2.0 Protected Resource Metadata response, which is
returned from an OAuth 2.0 Resource Server's Metadata Endpoint, and contains a set of
claims about the Resource Server's configuration.
Helps configure an
OAuth2ProtectedResourceMetadata.A
ClaimAccessor for the claims a Resource Server describes about its
configuration, used in OAuth 2.0 Protected Resource Metadata.The names of the claims a Resource Server describes about its configuration, used in
OAuth 2.0 Protected Resource Metadata.
A
Filter that processes OAuth 2.0 Protected Resource Metadata Requests.An
AuthenticationProvider implementation for the OAuth 2.0 Pushed Authorization
Request used in the Authorization Code Grant.An
Authentication implementation for the OAuth 2.0 Pushed Authorization Request
used in the Authorization Code Grant.Configurer for the OAuth 2.0 Pushed Authorization Request Endpoint.
A
Filter for the OAuth 2.0 Pushed Authorization Request endpoint, which handles
the processing of the OAuth 2.0 Pushed Authorization Request.A convenience class for creating OAuth 2.0-specific
AuthorizationManagers.An implementation of an
AbstractOAuth2Token representing an OAuth 2.0 Refresh
Token.Attempts to extract an Access Token Request from
HttpServletRequest for the
OAuth 2.0 Refresh Token Grant and then converts it to an
OAuth2RefreshTokenAuthenticationToken used for authenticating the authorization
grant.An
AuthenticationProvider implementation for the OAuth 2.0 Refresh Token Grant.An
Authentication implementation used for the OAuth 2.0 Refresh Token Grant.An
OAuth2TokenGenerator that generates an OAuth2RefreshToken.An OAuth 2.0 Refresh Token Grant request that holds the
refresh token credential granted to the client.An
AbstractHttpConfigurer for OAuth 2.0 Resource Server Support.Simplify adding OAuth2 support to interface based rest clients that use
RestClient.Core interface representing an OAuth 2.0 Token.
A
ClaimAccessor for the "claims" that may be contained in an
OAuth2TokenClaimsSet.The names of the "claims" that may be contained in an
OAuth2TokenClaimsSet and
are associated to an OAuth2Token.An
OAuth2TokenContext implementation that provides access to the
claims of an OAuth 2.0 Token, allowing the ability to customize.A builder for
OAuth2TokenClaimsContext.A representation of a set of claims that are associated to an
OAuth2Token.A builder for
OAuth2TokenClaimsSet.A context that holds information (to be) associated to an OAuth 2.0 Token and is used
by an
OAuth2TokenGenerator and OAuth2TokenCustomizer.OAuth2TokenContext.AbstractBuilder<T extends OAuth2TokenContext,B extends OAuth2TokenContext.AbstractBuilder<T,B>>
Base builder for implementations of
OAuth2TokenContext.Implementations of this interface are responsible for customizing the OAuth 2.0 Token
attributes contained within the
OAuth2TokenContext.Configurer for the OAuth 2.0 Token Endpoint.
A
Filter for the OAuth 2.0 Token endpoint, which handles the processing of an
OAuth 2.0 Authorization Grant.A
ClaimAccessor used for the OAuth 2.0 Token Exchange Grant to represent an
actor in a OAuth2TokenExchangeCompositeAuthenticationToken (e.g.Attempts to extract an Access Token Request from
HttpServletRequest for the
OAuth 2.0 Token Exchange Grant and then converts it to an
OAuth2TokenExchangeAuthenticationToken used for authenticating the
authorization grant.An
AuthenticationProvider implementation for the OAuth 2.0 Token Exchange
Grant.An
Authentication implementation used for the OAuth 2.0 Token Exchange Grant.An
Authentication implementation used for the OAuth 2.0 Token Exchange Grant to
represent the principal in a composite token (e.g.Standard data formats for OAuth 2.0 Tokens.
Implementations of this interface are responsible for generating an
OAuth2Token
using the attributes contained in the OAuth2TokenContext.A representation of the claims returned in an OAuth 2.0 Token Introspection Response.
A builder for
OAuth2TokenIntrospection.Attempts to extract an Introspection Request from
HttpServletRequest and then
converts it to an OAuth2TokenIntrospectionAuthenticationToken used for
authenticating the request.An
AuthenticationProvider implementation for OAuth 2.0 Token Introspection.An
Authentication implementation used for OAuth 2.0 Token Introspection.A
ClaimAccessor for the "claims" that may be contained in the
Introspection Response.The names of the "Introspection Claims" defined by an
Introspection
Response.
Configurer for the OAuth 2.0 Token Introspection Endpoint.
A
Filter for the OAuth 2.0 Token Introspection endpoint.A
HttpMessageConverter for an OAuth 2.0 Token
Introspection Response.Attempts to extract a Revoke Token Request from
HttpServletRequest and then
converts it to an OAuth2TokenRevocationAuthenticationToken used for
authenticating the request.An
AuthenticationProvider implementation for OAuth 2.0 Token Revocation.An
Authentication implementation used for OAuth 2.0 Token Revocation.Configurer for the OAuth 2.0 Token Revocation Endpoint.
A
Filter for the OAuth 2.0 Token Revocation endpoint.Standard token types defined in the OAuth Token Type Hints Registry.
Implementations of this interface are responsible for "verifying" the
validity and/or constraints of the attributes contained in an OAuth 2.0 Token.
A result emitted from an
OAuth2TokenValidator validation attemptA representation of a user
Principal that is registered with an OAuth 2.0
Provider.A
GrantedAuthority that may be associated to an OAuth2User.An implementation of an
AbstractOAuth2Token representing a user code as part of
the OAuth 2.0 Device Authorization Grant.Represents a request the
OAuth2UserService uses when initiating a request to
the UserInfo Endpoint.A
Converter that converts the provided OAuth2UserRequest to a
RequestEntity representation of a request for the UserInfo Endpoint.Implementations of this interface are responsible for obtaining the user attributes of
the End-User (Resource Owner) from the UserInfo Endpoint using the
Access Token granted to the
Client and returning an
AuthenticatedPrincipal in the form of an OAuth2User.Simplify adding OAuth2 support to interface based rest clients that use
WebClient.Represents the identity of an individual domain object instance.
Strategy which creates an
ObjectIdentity from an object identifier (such as a
primary key) and type information.Simple implementation of
ObjectIdentity.Strategy interface that provides the ability to determine which
ObjectIdentity
will be returned for a particular domain objectBasic implementation of
ObjectIdentityRetrievalStrategy and
ObjectIdentityGenerator that uses the constructors of
ObjectIdentityImpl to create the ObjectIdentity.Allows initialization of Objects.
Spring
Configuration that exports the default ObjectPostProcessor.An
AuthenticationManager that observes the authenticationAn
AuthorizationManager that observes the authorizationA
FilterChainProxy.FilterChainDecorator that
wraps the chain in before and after observationsAn
ReactiveAuthenticationManager that observes the authenticationAn
ReactiveAuthorizationManager that observes the authenticationA
SecurityContextChangedListener that adds events to an existing
Observation
If no Observation is present when an event is fired, then the event is
unrecorded.A
WebFilterChainProxy.WebFilterChainDecorator
that wraps the chain in before and after observationsAn implementation of an
AuthenticationProvider for the OpenID Connect Core 1.0
Authorization Code Grant Flow.An implementation of an
AuthenticationProvider for OAuth
2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow.An
ApplicationListener that listens for events of type
OAuth2AuthorizedClientRefreshedEvent and publishes an event of type
OidcUserRefreshedEvent in order to refresh an OidcUser.A
LogoutHandler that locates the sessions associated with a given OIDC
Back-Channel Logout Token and invalidates each one.A
ServerLogoutHandler that locates the sessions associated with a given OIDC
Back-Channel Logout Token and invalidates each one.An
AuthenticationProvider implementation for OpenID Connect 1.0 Dynamic Client
Configuration Endpoint.A logout success handler for initiating OIDC logout through the user agent.
A reactive logout success handler for initiating OIDC logout through the user agent.
Parameters, required for redirect URI resolving.
A
ClaimAccessor for the "claims" that are contained in the OpenID Client
Registration Request and Response.The names of the "claims" defined by OpenID Connect Dynamic Client Registration 1.0
that are contained in the OpenID Client Registration Request and Response.
A representation of an OpenID Client Registration Request and Response, which is sent
to and returned from the Client Registration Endpoint, and contains a set of claims
about the Client's Registration information.
Helps configure an
OidcClientRegistration.Attempts to extract an OpenID Connect 1.0 Dynamic Client Registration (or Client Read)
Request from
HttpServletRequest and then converts to an
OidcClientRegistrationAuthenticationToken used for authenticating the request.An
AuthenticationProvider implementation for OpenID Connect 1.0 Dynamic Client
Registration Endpoint.An
Authentication implementation used for OpenID Connect 1.0 Dynamic Client
Registration (and Configuration) Endpoint.Configurer for OpenID Connect 1.0 Dynamic Client Registration Endpoint.
A
Filter that processes OpenID Connect 1.0 Dynamic Client Registration (and
Client Read) Requests.A
HttpMessageConverter for an OpenID Client
Registration Request and Response.Configurer for OpenID Connect 1.0 support.
An implementation of an
AbstractOAuth2Token representing an OpenID Connect Core
1.0 ID Token.A builder for
OidcIdTokensAn
OAuth2TokenValidator responsible for validating the claims in an
ID Token.An
OAuth2AuthenticationContext that holds an
OidcLogoutAuthenticationToken and additional information and is used when
validating the OpenID Connect RP-Initiated Logout Request parameters.A builder for
OidcLogoutAuthenticationContext.Attempts to extract an OpenID Connect 1.0 RP-Initiated Logout Request from
HttpServletRequest and then converts to an
OidcLogoutAuthenticationToken used for authenticating the request.An
AuthenticationProvider implementation for OpenID Connect 1.0 RP-Initiated
Logout Endpoint.An implementation of an
AuthenticationSuccessHandler used for handling an
OidcLogoutAuthenticationToken and performing the OpenID Connect 1.0
RP-Initiated Logout.An
Authentication implementation used for OpenID Connect 1.0 RP-Initiated
Logout Endpoint.A
Consumer providing access to the OidcLogoutAuthenticationContext
containing an OidcLogoutAuthenticationToken and is the default
authentication validator used for validating specific OpenID Connect RP-Initiated
Logout Request parameters.An
AbstractHttpConfigurer for OIDC Logout flowsConfigurer for OpenID Connect 1.0 RP-Initiated Logout Endpoint.
A
Filter that processes OpenID Connect 1.0 RP-Initiated Logout Requests.An implementation of an
AbstractOAuth2Token representing an OpenID Backchannel
Logout Token.A builder for
OidcLogoutTokensStandard parameter names defined in the OAuth Parameters Registry and used by the
authorization endpoint and token endpoint.
A representation of an OpenID Provider Configuration Response, which is returned from
an Issuer's Discovery Endpoint, and contains a set of claims about the OpenID
Provider's configuration.
Helps configure an
OidcProviderConfiguration.Configurer for the OpenID Connect 1.0 Provider Configuration Endpoint.
A
Filter that processes OpenID Provider Configuration Requests.A
HttpMessageConverter for an OpenID Provider
Configuration Response.A
ClaimAccessor for the "claims" that can be returned in the OpenID Provider
Configuration Response.The names of the "claims" defined by OpenID Connect Discovery 1.0 that can be returned
in the OpenID Provider Configuration Response.
An implementation of an
ReactiveOAuth2UserService that supports OpenID Connect
1.0 Provider's.The scope values defined by the OpenID Connect Core 1.0 specification that can be used
to request
claims.A
SessionInformation extension that enforces the principal be of type
OidcUser.A registry to record the tie between the OIDC Provider session and the Client session.
A representation of a user
Principal that is registered with an OpenID Connect
1.0 Provider.A
GrantedAuthority that may be associated to an OidcUser.A representation of a UserInfo Response that is returned from the OAuth 2.0 Protected
Resource UserInfo Endpoint.
A builder for
OidcUserInfosAn
OAuth2AuthenticationContext that holds an
OidcUserInfoAuthenticationToken and additional information and is used when
mapping claims to an instance of OidcUserInfo.A builder for
OidcUserInfoAuthenticationContext.An
AuthenticationProvider implementation for OpenID Connect 1.0 UserInfo
Endpoint.An
Authentication implementation used for OpenID Connect 1.0 UserInfo Endpoint.Configurer for OpenID Connect 1.0 UserInfo Endpoint.
A
Filter that processes OpenID Connect 1.0 UserInfo Requests.A
HttpMessageConverter for an OpenID Connect UserInfo
Response.An event that is published when an
OidcUser is refreshed as a result of using a
refresh_token to obtain an OAuth 2.0 Access Token Response that contains an
id_token.Represents a request the
OidcUserService uses when initiating a request to the
UserInfo Endpoint.An implementation of an
OAuth2UserService that supports OpenID Connect 1.0
Provider's.The source for the converter to
OidcUser.Base class for response wrappers which encapsulate the logic for handling an event when
the
HttpServletResponse is committed.Represents a one-time use token with an associated username and expiration time.
The result of a successful one-time-token authentication
A builder of
OneTimeTokenAuthentication instancesAn implementation of
AuthenticationConverter that detects if the request
contains a token parameter and constructs a
OneTimeTokenAuthenticationToken with it.Filter that processes a one-time token for log in.
An
AuthenticationProvider responsible for authenticating users based on
one-time tokens.Represents a One-Time Token authentication that can be authenticated or not.
Defines a strategy to handle generated one-time tokens.
An
AbstractHttpConfigurer for One-Time Token Login.A
ReactiveAuthenticationManager for one time tokens.Interface for generating and consuming one-time tokens.
Creates a default one-time token submit page.
Convert a successful introspection result into an authentication result.
An
AuthenticationProvider implementation for opaque
Bearer
Tokens, using an
OAuth 2.0 Introspection
Endpoint to check the token's validity and reveal its attributes.A contract for introspecting and verifying an OAuth 2.0 token.
An
ReactiveAuthenticationManager implementation for opaque
Bearer
Tokens, using an
OAuth 2.0 Introspection
Endpoint to check the token's validity and reveal its attributes.A
RelyingPartyRegistration.AssertingPartyDetails that contains
OpenSAML-specific membersAn OpenSAML version of
RelyingPartyRegistration.AssertingPartyDetails.Builder
that contains the underlying EntityDescriptorAn initialization service for initializing OpenSAML.
An
HttpMessageConverter that takes an IDPSSODescriptor in an HTTP
response and converts it into a RelyingPartyRegistration.Builder.MessageMatcher that will return true if any of the passed in
MessageMatcher instances match.RequestMatcher that will return true if any of the passed in
RequestMatcher instances match.Matches if any of the provided
ServerWebExchangeMatcher matchA mutable ACL that provides ownership capabilities.
Deprecated.
use @{code org.springframework.security.core.parameters.P}
An annotation that can be used along with
AnnotationParameterNameDiscoverer to
specify parameter names.A
RequestMatcher for matching on a request parameter and its value.An
LdapAuthenticator which compares the login password with the value stored in the
directory using a remote LDAP "compare" operation.Service interface for encoding passwords.
Used for creating
PasswordEncoder instancesStateful parser for the <password-encoder> element.
Adds password management support.
Extended version of the DefaultSpringSecurityContextSource which adds support
for the use of
PasswordPolicyControl to make use of user account data stored in
the directory.A Password Policy request control.
Obtains the PasswordPolicyControl from a context for use by other classes.
Transforms a control object to a PasswordPolicyResponseControl object, if appropriate.
Defines status codes for use with PasswordPolicyException, with error codes
(for message source lookup) and default messages.
Generic exception raised by the ppolicy package.
Represents the response control received when a PasswordPolicyControl is used
when binding to a directory.
Match
Messages based on the message destination pattern using a
PathPattern.A builder for specifying various elements of a message for the purpose of creating
a
PathPatternMessageMatcher.Use this factory bean to configure the
PathPatternMessageMatcher.Builder bean
used to create request matchers in MessageMatcherDelegatingAuthorizationManager
and other parts of the DSL.Matches if the
PathPattern matches the path within the application.A builder for specifying various elements of a request for the purpose of creating
a
PathPatternRequestMatcher.Use this factory bean to configure the
PathPatternRequestMatcher.Builder bean
used to create request matchers in AuthorizeHttpRequestsConfigurer and other
parts of the DSL.Prepares the privilege evaluator's request for
PathPatternRequestMatcher
authorization rules.Contract for a Payload interaction.
Converts from a
PayloadExchange to an AuthenticationAn interface for determining if a
PayloadExchangeMatcher matches.The result of matching
Maps a @{code List} of
PayloadExchangeMatcher instances toThe
PayloadExchange typeContract for interception-style, chained processing of Payloads that may be used to
implement cross-cutting, application-agnostic requirements such as security, timeouts,
and others.
Contract to allow a
PayloadInterceptor to delegate to the next in the chain.The standard order for
PayloadInterceptor to be sorted.A
SocketAcceptorInterceptor that applies the PayloadInterceptorsImplementation of
PasswordEncoder
that uses the Password4j library with PBKDF2 hashing algorithm.A
PasswordEncoder implementation that uses PBKDF2 with :
a configurable random salt value length (default is 16
bytes)
a configurable number of iterations (default is 310000)
a configurable key derivation function (see Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm)
a configurable secret appended to the random salt (default is empty)
The algorithm is invoked on the concatenated bytes of the salt, secret and password.The Algorithm used for creating the
SecretKeyFactoryRepresents a permission granted to a Sid for a given domain object.
Allows permissions to be pre-cached when using pre or post filtering with expressions
Strategy used in expression evaluation to determine whether a user has a permission or
permissions for a given domain object.
Provides a simple mechanism to retrieve
Permission instances from integer
masks.Allow customization of the logic for determining whether a permission or permissions
are granted to a particular sid or sids by an
Acl.Provides support for
Permisisons Policy.
Writes the
Permissions-Policy response header with configured policy
directives.RememberMeServices implementation based on Barry Jaspan's Improved
Persistent Login Cookie Best Practice.The abstraction used by
PersistentTokenBasedRememberMeServices to store the
persistent login tokens for a user.UserDetails implementation whose properties are based on the LDAP schema for
Person.
Standard parameter names defined in the OAuth Parameters Registry and used by the
authorization endpoint and token endpoint.
PortMapper implementations provide callers with information about which
HTTP ports are associated with which HTTPS ports on the system, and vice versa.Allows configuring a shared
PortMapper instance used to determine the ports
when redirecting between HTTP and HTTPS.Concrete implementation of
PortMapper that obtains HTTP:HTTPS pairs from the
application context.Annotation for specifying a method access-control expression which will be evaluated
after a method has been invoked.
An
AuthorizationManager which can determine if an Authentication may
return the result from an invoked MethodInvocation by evaluating an expression
from the PostAuthorize annotation.A
ReactiveAuthorizationManager which can determine if an Authentication
has access to the returned object from the MethodInvocation by evaluating an
expression from the PostAuthorize annotation.Annotation for specifying a method filtering expression which will be evaluated after a
method has been invoked.
A
MethodInterceptor which filters a returnedObject from the
MethodInvocation by evaluating an expression from the PostFilter
annotation.A
MethodInterceptor which filters the returned object from the
MethodInvocation by evaluating an expression from the PostFilter
annotation.Deprecated.
Use
AuthorizationManagerAfterMethodInterceptor
insteadDeprecated.
Use
AuthorizationManagerAfterMethodInterceptor
insteadDeprecated.
Use
AuthorizationManagerAfterMethodInterceptor
instead
Processes a pre-authenticated authentication request.
Authentication implementation for
pre-authenticated authentication.PreAuthenticatedAuthenticationToken.Builder<B extends PreAuthenticatedAuthenticationToken.Builder<B>>
A builder of
PreAuthenticatedAuthenticationToken instances
This AuthenticationUserDetailsService implementation creates a UserDetails object based
solely on the information contained in the given PreAuthenticatedAuthenticationToken.
This WebAuthenticationDetails implementation allows for storing a list of
pre-authenticated Granted Authorities.
Annotation for specifying a method access-control expression which will be evaluated to
decide whether a method invocation is allowed or not.
An
AuthorizationManager which can determine if an Authentication may
invoke the MethodInvocation by evaluating an expression from the
PreAuthorize annotation.A
ReactiveAuthorizationManager which can determine if an Authentication
has access to the MethodInvocation by evaluating an expression from the
PreAuthorize annotation.Annotation for specifying a method filtering expression which will be evaluated before
a method has been invoked.
A
MethodInterceptor which filters a method argument by evaluating an expression
from the PreFilter annotation.A
MethodInterceptor which filters a reactive method argument by evaluating an
expression from the PreFilter annotation.Deprecated.
Use
AuthorizationManagerBeforeMethodInterceptor
insteadDeprecated.
Use
AuthorizationManagerBeforeMethodInterceptor
insteadDeprecated.
Use
AuthorizationManagerBeforeMethodInterceptor
insteadDeprecated.
Deprecated.
Use
PreAuthorizeAuthorizationManager
and
PostAuthorizeAuthorizationManager
insteadA
SecurityHintsRegistrar that scans all provided classes for methods that use
PreAuthorize or PostAuthorize and registers hints for the beans used
within the security expressions.A
SecurityHintsRegistrar that scans all beans for methods that use
PreAuthorize or PostAuthorize and registers appropriate hints for the
annotations.Deprecated.
Use delegation with
AuthorizationManagerReturns a
Mono that terminates with SessionAuthenticationException when
the maximum number of sessions for a user has been reached.Represents an
Authentication.getPrincipal() as a Sid.Iterates an
Authentication request through a list of
AuthenticationProviders.Interface for operating on a SecurityBuilder that creates a
ProviderManagerThrown by
ProviderManager if no AuthenticationProvider could be found
that supports the presented Authentication
object.Attempts to extract the parameters from
HttpServletRequest used for
authenticating public clients using Proof Key for Code Exchange (PKCE).An
AuthenticationProvider implementation used for OAuth 2.0 Public Client
Authentication, which authenticates the code_verifier parameter.Deprecated.
Only used by now-deprecated classes.
PublicKeyCredential
contains the attributes that are returned to the caller when a new credential is
created, or a new assertion is requested.
Represents the PublicKeyCredentialCreationOptions
which is an argument to creating
a new credential.
Used to build
PublicKeyCredentialCreationOptions.Saves
PublicKeyCredentialCreationOptions between a request to generate an
assertion and the validation of the assertion.A request to create a new
PublicKeyCredentialCreationOptions.PublicKeyCredentialDescriptor
identifies a specific public key credential.
Used to create
PublicKeyCredentialDescriptorThe PublicKeyCredentialParameters
is used to supply additional parameters when creating a new credential.
PublicKeyCredentialRequestOptions
contains the information to create an assertion used for authentication.
Used to build a
PublicKeyCredentialCreationOptions.Saves
PublicKeyCredentialRequestOptions between a request to generate an
assertion and the validation of the assertion.The PublicKeyCredentialRpEntity
dictionary is used to supply additional Relying Party attributes when creating a new
credential.
Used to create a
PublicKeyCredentialRpEntity.The PublicKeyCredentialType
defines the credential types.
PublicKeyCredentialUserEntity
is used to supply additional
user account attributes
when creating a new credential.
A repository for managing
PublicKeyCredentialUserEntity instances.A R2DBC implementation of
ReactiveOAuth2AuthorizedClientService that uses a
DatabaseClient for OAuth2AuthorizedClient persistence.A holder for
OAuth2AuthorizedClient data and End-User
Authentication (Resource Owner).The default
Function that maps R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder to a
Map of String and Parameter.The default
BiFunction that maps the current io.r2dbc.spi.Row to a
R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder.Determines if the provided
Authentication can be authenticated.Adapts an AuthenticationManager to the reactive APIs.
An interface for resolving a
ReactiveAuthenticationManager based on the
provided contextA reactive authorization manager which can determine if an
Authentication has
access to a specific object.A reactive repository for OAuth 2.0 / OpenID Connect 1.0
ClientRegistration(s).A Reactive API for checking if a password has been compromised.
Reactive version of
JwtAuthenticationConverter for converting a Jwt to
a Mono<AbstractAuthenticationToken>.A reactive
Converter for adapting a non-blocking imperative ConverterImplementations of this interface are responsible for "decoding" a JSON Web
Token (JWT) from its compact claims representation format to a
Jwt.A factory for
ReactiveJwtDecoder(s).Allows creating a
ReactiveJwtDecoder from an OpenID
Provider Configuration or
Authorization Server Metadata
Request based on provided issuer and method invoked.Adapts a
Converter<Jwt, Collection<GrantedAuthority>> to
a Converter<Jwt, Flux<GrantedAuthority>>.A reactive strategy for "exchanging" an authorization grant credential (e.g.
Handles when an OAuth 2.0 Client fails to authorize (or re-authorize) via the
authorization server or resource server.
Handles when an OAuth 2.0 Client has been successfully authorized (or re-authorized)
via the authorization server.
Implementations of this interface are responsible for the overall management of
Authorized Client(s).A strategy for authorizing (or re-authorizing) an OAuth 2.0 Client.
A builder that builds a
DelegatingReactiveOAuth2AuthorizedClientProvider
composed of one or more ReactiveOAuth2AuthorizedClientProvider(s) that
implement specific authorization grants.Implementations of this interface are responsible for the management of
Authorized Client(s), which provide the purpose of
associating an Access Token credential
to a Client and Resource Owner,
who is the Principal that originally
granted the authorization.Implementations of this interface are responsible for obtaining the user attributes of
the End-User (Resource Owner) from the UserInfo Endpoint using the
Access Token granted to the
Client and returning an
AuthenticatedPrincipal in the form of an OAuth2User.A registry to record the tie between the OIDC Provider session and the Client session.
Reactive interface for generating and consuming one-time tokens.
Convert a successful introspection result into an authentication result.
A contract for introspecting and verifying an OAuth 2.0 token.
Reactive version of
PreAuthenticatedAuthenticationProvider
This manager receives a PreAuthenticatedAuthenticationToken, checks that
associated account is not disabled, expired, or blocked, and returns new authenticated
PreAuthenticatedAuthenticationToken.Allows getting and setting the Spring
SecurityContext into a Context.Maintains a registry of
ReactiveSessionInformation instances.An API for changing a
UserDetails password.An API for finding the
UserDetails by username.Constructs an
MapReactiveUserDetailsService from a resource using
UserDetailsResourceFactoryBean.Sets up the Reactor Context with the Authentication from the TestSecurityContextHolder
and then clears the Reactor Context at the end of the tests.
Uses a
ServerSecurityContextRepository to provide the SecurityContext
to initialize the ReactiveSecurityContextHolder.A
OneTimeTokenGenerationSuccessHandler that performs a redirect to a specific
locationPerforms a redirect to a specified location.
Performs a redirect to a specified location.
Performs a redirect on authentication success.
Performs a redirect on log out success.
Encapsulates the redirection logic for all classes in the framework which perform
redirects.
Internal class for building redirect URLs.
Provides support for Referrer
Policy.
Writes the
Referrer-Policy response header.An implementation of an
OAuth2AuthorizedClientProvider for the
refresh_token grant.An implementation of a
ReactiveOAuth2AuthorizedClientProvider for the
refresh_token grant.Deprecated.
ALLOW-FROM is an obsolete directive that no longer works in modern
browsers.
Uses a regular expression to decide whether a supplied the URL of a supplied
HttpServletRequest.A representation of a client registration with an OAuth 2.0 Authorization Server.
A builder for
RegisteredClient.A repository for OAuth 2.0
RegisteredClient(s).This annotation may be used to resolve a method parameter to an argument value of type
OAuth2AuthorizedClient.Strategy used to register a user with the
SessionRegistry after successful
Authentication.An implementation of
ServerAuthenticationSuccessHandler that will register a
ReactiveSessionInformation with the provided ReactiveSessionRegistry.The data object used to provide the information necessary to authenticate a user with
WebAuthn.
Submitted by a client to request registration of a new credential.
Represents a configured relying party (aka Service Provider) and asserting party (aka
Identity Provider) pair.
The configuration metadata of the Asserting party
A factory for creating placeholder resolvers for
RelyingPartyRegistration
templates.A class for resolving
RelyingPartyRegistration URIsA repository for
RelyingPartyRegistrationsA contract for resolving a
RelyingPartyRegistration from the HTTP requestA utility class for constructing instances of
RelyingPartyRegistrationThis exception is thrown when an
Authentication exception occurs while using
the remember-me authentication.Detects if there is no
Authentication object in the SecurityContext,
and populates the context with a remember-me authentication token if a
RememberMeServices implementation so requests.An
AuthenticationProvider implementation that validates
RememberMeAuthenticationTokens.Represents a remembered
Authentication.A builder of
RememberMeAuthenticationToken instancesConfigures Remember Me authentication.
Implement by a class that is capable of providing a remember-me service.
An
OAuth2AuthorizationFailureHandler that removes an
OAuth2AuthorizedClient when the OAuth2Error.getErrorCode() matches one
of the configured OAuth 2.0 error codes.Removes an
OAuth2AuthorizedClient from an
OAuth2AuthorizedClientRepository or OAuth2AuthorizedClientService.A
ReactiveOAuth2AuthorizationFailureHandler that removes an
OAuth2AuthorizedClient when the OAuth2Error.getErrorCode() matches one
of the configured OAuth 2.0 error codes.A simple pre-authenticated filter which obtains the username from request attributes,
for use with SSO systems such as
Stanford
WebAuth or Shibboleth.
A strategy for resolving a
clientRegistrationId from an intercepted request
using attributes.A strategy for resolving a
principal from an intercepted request
using attributes.Stores the
SecurityContext on a
ServletRequest.setAttribute(String, Object) so that it can be
restored when different dispatch types occur.An
HttpServletRequest authorization context.Implements "saved request" logic, allowing a single request to be retrieved and
restarted after redirecting to an authentication mechanism.
Responsible for reconstituting the saved request if one is cached and it matches the
current request.
Adds request cache for Spring Security.
Performs a redirect to the original request URL when an invalid requested session is
detected by the
SessionManagementFilter.A simple pre-authenticated filter which obtains the username from a request header, for
use with systems such as CA Siteminder.
A
RequestMatcher that can be used to match request that contain a header with
an expected header name and an expected value.Simple strategy to match an HttpServletRequest.
The result of matching against an HttpServletRequest contains the status, true or
false, of the match and if present, any variables extracted from the match
An
AccessDeniedHandler that delegates to other AccessDeniedHandler
instances based upon the type of HttpServletRequest passed into
RequestMatcherDelegatingAccessDeniedHandler.handle(HttpServletRequest, HttpServletResponse, AccessDeniedException).An
AuthenticationManagerResolver that returns a AuthenticationManager
instances based upon the type of HttpServletRequest passed into
RequestMatcherDelegatingAuthenticationManagerResolver.resolve(HttpServletRequest).A builder for
RequestMatcherDelegatingAuthenticationManagerResolver.An
AuthorizationManager which delegates to a specific
AuthorizationManager based on a RequestMatcher evaluation.A builder for
RequestMatcherDelegatingAuthorizationManager.Deprecated.
please use
AuthorizationManagerWebInvocationPrivilegeEvaluator and
adapt any delegate WebInvocationPrivilegeEvaluators into
AuthorizationManagersPropertyEditor which creates ELRequestMatcher instances from Strings
This allows to use a String in a BeanDefinition instead of an (inner) bean if a
RequestMatcher is required, e.g.
A rich object for associating a
RequestMatcher to another object.Deprecated.
Deprecated.
Please use
RequestMatcherMetadataResponseResolverAn implementation of
Saml2MetadataResponseResolver that identifies which
RelyingPartyRegistrations to use with a RequestMatcherFilter that redirects requests that match
RequestMatcher to the specified URL.A factory class to create
RequestMatcher instances.Used by
FilterChainProxy to handle an
RequestRejectedException.An
AuthorizationManager that requires all the authorities returned by a
RequiredAuthoritiesRepository implementation.Finds additional required authorities for the provided
Principal.getName()The requirements for an
GrantedAuthority to be considered a valid factor.A builder for
RequiredFactor.An error when the requirements of
RequiredFactor are not met.The ResidentKeyRequirement
describes the Relying Partys requirements for client-side discoverable credentials.
Adds a WWW-Authenticate (or other) header to the response following successful
authentication.
An implementation of
OAuth2AccessTokenResponseClient that "exchanges"
an authorization code for an access token at the Authorization Server's Token Endpoint.An implementation of
OAuth2AccessTokenResponseClient that "exchanges"
client credentials for an access token at the Authorization Server's Token Endpoint.An implementation of
OAuth2AccessTokenResponseClient that "exchanges"
a JWT for an access token at the Authorization Server's Token Endpoint.An implementation of
OAuth2AccessTokenResponseClient that "exchanges"
a refresh token for an access token at the Authorization Server's Token Endpoint.An implementation of
OAuth2AccessTokenResponseClient that "exchanges"
a subject token (and optionally an actor token) for an access token at the
Authorization Server's Token Endpoint.Deprecated.
please use
HttpsRedirectFilter and its
associated PortMapperDeprecated.
please use
HttpsRedirectFilter and its
associated PortMapperThe simple interface of a role hierarchy.
This class defines a role hierarchy for use with various access checking components.
Builder class for constructing a
RoleHierarchyImpl based on a hierarchical
role structure.Utility methods for
RoleHierarchy.Deprecated.
Deprecated.
Use
AuthorityAuthorizationManager
insteadUsed for creating
Key converter instancesAllows configuring RSocket based security.
Deprecated.
Authentication is now separated from authorization in Spring Security.
Deprecated.
Authentication is now separated from authorization in Spring Security.
Deprecated.
Authentication is now separated from authorization in Spring Security.
Deprecated.
Authentication is now separated from authorization in Spring Security.
An authentication based off of a SAML 2.0 Assertion
A builder of
Saml2AssertionAuthentication instancesDeprecated.
Please use
Saml2AssertionAuthentication.getRelyingPartyRegistrationId() and
Saml2ResponseAssertionAccessor insteadAn implementation of an
AbstractAuthenticationToken that represents an
authenticated SAML 2.0 Authentication.This exception is thrown for all SAML 2.0 related
Authentication errors.A repository for
AbstractSaml2AuthenticationRequestA strategy for resolving a SAML 2.0 Authentication Request from the
HttpServletRequest.Represents an incoming SAML 2.0 response containing an assertion that has not been
validated.
An
AuthenticationConverter that generates a Saml2AuthenticationToken
appropriate for authenticated a SAML 2.0 Assertion against an
AuthenticationManager.A representation of an SAML 2.0 Error.
A list of SAML known 2 error codes used during SAML authentication.
Deprecated, for removal: This API element is subject to removal in a future version.
as of 7.0 in favor of
Saml2JacksonModule based on Jackson
3Jackson module for saml2-service-provider.
An
AbstractHttpConfigurer for SAML 2.0 Login, which leverages the SAML 2.0 Web
Browser Single Sign On (WebSSO) Flow.Adds SAML 2.0 logout support.
A class that represents a signed and serialized SAML 2.0 Logout Request
A filter for handling logout requests in the form of a <saml2:LogoutRequest> sent
from the asserting party.
Implementations of this interface are responsible for the persistence of
Saml2LogoutRequest between requests.Creates a signed SAML 2.0 Logout Request based on information from the
HttpServletRequest and current Authentication.Validates SAML 2.0 Logout Requests
A holder of the parameters needed to invoke
Saml2LogoutRequestValidatorResolved a SAML 2.0 Logout Request and associated validation parameters from the given
HttpServletRequest and current Authentication.A class that represents a signed and serialized SAML 2.0 Logout Response
A filter for handling a <saml2:LogoutResponse> sent from the asserting party.
Creates a signed SAML 2.0 Logout Response based on information from the
HttpServletRequest and current Authentication.Validates SAML 2.0 Logout Responses
A holder of the parameters needed to invoke
Saml2LogoutResponseValidatorA result emitted from a SAML 2.0 Logout validation attempt
The type of bindings that messages are exchanged using Supported bindings are
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST and
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect.An
AbstractHttpConfigurer for SAML 2.0 Metadata.A
Filter that returns the metadata for a Relying PartyResolves the SAML 2.0 Relying Party Metadata for a given
RelyingPartyRegistrationResolves Relying Party SAML 2.0 Metadata given details from the
HttpServletRequest.Standard parameter names defined in the SAML 2.0 Specification and used by the
Authentication Request, Assertion Consumer Response, Logout Request, and Logout
Response endpoints.
Data holder for information required to send an
AuthNRequest over a POST
binding from the service provider to the identity provider
https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf
(line 2031)Builder class for a
Saml2PostAuthenticationRequest object.Data holder for information required to send an
AuthNRequest over a REDIRECT
binding from the service provider to the identity provider
https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf
(line 2031)Builder class for a
Saml2RedirectAuthenticationRequest object.A success handler for issuing a SAML 2.0 Logout Request to the SAML 2.0 Asserting Party
An OpenSAML-based implementation of
Saml2ResponseAssertionAccessorAn interface that represents key details from a SAML 2.0 Assertion
A result emitted from a SAML 2.0 Response validation attempt
This
Filter formulates a
SAML 2.0
AuthnRequest (line 1968) and redirects to a configured asserting party.An object for holding a public certificate, any associated private key, and its
intended
usages (Line 584, Section 4.3 Credentials).
Sets the appropriate parameters for CAS's implementation of SAML (which is not
guaranteed to be actually SAML compliant).
Deprecated.
Stores off the values of a cookie in a serializable holder
Encapsulates the functionality required of a cached request for both an authentication
mechanism (typically form-based login) to redirect to the original URL and for a
RequestCache to build a wrapped request, reproducing the original request
data.
An authentication success strategy which can make use of the
DefaultSavedRequest which may
have been stored in the session by the ExceptionTranslationFilter.Implementation of
PasswordEncoder
that uses the Password4j library with SCrypt hashing algorithm.
Implementation of PasswordEncoder that uses the SCrypt hashing function.
Deprecated.
no replacement is planned, though consider using a custom
RequestMatcher for any sophisticated decision-makingJava 5 annotation for describing service layer security attributes.
Deprecated.
An
AuthorizationManager which can determine if an Authentication may
invoke the MethodInvocation by evaluating if the Authentication
contains a specified authority from the Spring Security's Secured annotation.Creates a
SecureRandom instance.An interface to scan for and synthesize an annotation on a type, method, or method
parameter into an annotation of type
<A>.Factory for creating
SecurityAnnotationScanner instances.Interface for building an Object
Deprecated.
In modern Spring Security APIs, each API manages its own configuration
context.
Allows for configuring a
SecurityBuilder.A base class for
SecurityConfigurer that allows subclasses to only implement
the methods they are interested in.Interface defining the minimum security information associated with the current thread
of execution.
Allows for integration with Spring MVC's
Callable support.An event that represents a change in
SecurityContextA listener for
SecurityContextChangedEvents
Creates a
ExecutorChannelInterceptor that will obtain the
Authentication from the specified Message.getHeaders().Allows persisting and restoring of the
SecurityContext found on the
SecurityContextHolder for each request by configuring the
SecurityContextPersistenceFilter.Associates a given
SecurityContext with the current execution thread.A
Filter which populates the ServletRequest with a request
wrapper which implements the servlet API security methods.A Spring Security-aware
HttpServletRequestWrapper, which uses the
SecurityContext-defined Authentication object to implement
the servlet API security methods:
SecurityContextHolderAwareRequestWrapper.getUserPrincipal()
SecurityContextHolderAwareRequestWrapper.isUserInRole(String)
HttpServletRequestWrapper.getRemoteUser().
A
Filter that uses the SecurityContextRepository to
obtain the SecurityContext and set it on the SecurityContextHolder.A strategy for resolving a
principal from an intercepted request
using the SecurityContextHolder.A strategy for storing security context information against a thread.
Base implementation of
SecurityContext.An implementation of
LoginModule that uses a Spring Security
SecurityContext to
provide authentication.Performs a logout by modifying the
SecurityContextHolder.Deprecated.
An
ExecutorChannelInterceptor that takes an Authentication from the
current SecurityContext (if any) in the
SecurityContextPropagationChannelInterceptor.preSend(Message, MessageChannel) callback and stores it into an
SecurityContextPropagationChannelInterceptor.authenticationHeaderName message header.Strategy used for persisting a
SecurityContext between requests.A
ServerLogoutHandler which removes the SecurityContext using the provided
ServerSecurityContextRepositoryOverrides the
ServerWebExchange.getPrincipal() with the provided
SecurityContextOverride the
ServerWebExchange.getPrincipal() to be looked up using
ReactiveSecurityContextHolder.
By defining this object as a Bean, Spring Security is exposed as SpEL expressions for
creating Spring Data queries.
Facade which isolates Spring Security's requirements for evaluating security
expressions from the implementation of the underlying expression objects
Standard interface for expression root objects used with expression-based security.
Base root object for use in Spring Security expression evaluations.
Defines a filter chain which is capable of being matched against an
HttpServletRequest.Utilities for interacting with
HttpHeadersAn interface for registering AOT hints.
Deprecated, for removal: This API element is subject to removal in a future version.
as of 7.0 in favor of
SecurityJacksonModules based on Jackson 3Jackson module allowing to contribute
PolymorphicTypeValidator configuration.This utility class will find all the Jackson modules contributed by Spring Security in
the classpath (except
OAuth2AuthorizationServerJacksonModule and
WebauthnJacksonModule), enable automatic inclusion of type information and
configure a PolymorphicTypeValidator that handles the validation of class
names.Deprecated.
In modern Spring Security APIs, each API manages its own configuration
context.
Provides Security related
MockMvcConfigurer implementations.Contains Spring Security related
MockMvc RequestBuilders.Creates a form based login request including any necessary
CsrfToken.Creates a logout request (including any necessary
CsrfToken)Contains
MockMvc RequestPostProcessor implementations for Spring
Security.Populates a valid
CsrfToken into the request.Creates a
UsernamePasswordAuthenticationToken and sets the principal to be
a User and associates it to the MockHttpServletRequest.Security related
MockMvc ResultHandlersSecurity related
MockMvc ResultMatchers.A
MockMvc ResultMatcher that verifies a specific user is associated
to the MvcResult.Test utilities for working with Spring Security and
WebTestClient.Builder.apply(WebTestClientConfigurer).Updates the WebServerExchange using
{@link
SecurityMockServerConfigurers#mockAuthentication(Authentication)}.Updates the WebServerExchange using
{@link
SecurityMockServerConfigurers#mockUser(UserDetails)}.Parses elements from the "security" namespace
(http://www.springframework.org/schema/security).
An
ObservationPredicate that can be used to change which Spring Security
observations are made with Micrometer.A builder for configuring a
SecurityObservationSettingsA SocketAcceptorInterceptor that applies Security through a delegate
SocketAcceptorInterceptor.There are many times a user may want to use Spring Security's test support (i.e.
Spring Security extension to Spring's
WebApplicationContextUtils.Defines a filter chain which is capable of being matched against a
ServerWebExchange in order to decide whether it applies to that request.A strategy used for converting from a
ServerWebExchange to an
Authentication used for authenticating with a provided
ReactiveAuthenticationManager.Used to request authentication
Adapts a
ServerAuthenticationEntryPoint into a
ServerAuthenticationFailureHandlerHandles authentication failure
Handles authentication success
Implementations of this interface are responsible for the persistence of
OAuth2AuthorizationRequest between requests.An
ExchangeFilterFunction that adds the
Bearer
Token from an existing OAuth2Token tied to the current
Authentication.A strategy for resolving
Bearer
Tokens from the
ServerWebExchange.An API to allow changing the method in which the expected
CsrfToken is
associated to the ServerWebExchange.An implementation of the
ServerCsrfTokenRequestHandler interface that is
capable of making the CsrfToken available as an exchange attribute and
resolving the token value as either a form data value or header of the request.A callback interface that is used to make the
CsrfToken created by the
ServerCsrfTokenRepository available as an exchange attribute.Implementations of this interface are capable of resolving the token value of a
CsrfToken from the provided ServerWebExchange.Thrown when a
ServerWebExchange is rejected.Handles
ServerExchangeRejectedException thrown by
ServerWebExchangeFirewall.Converts a ServerWebExchange into a UsernamePasswordAuthenticationToken from the form
data HTTP parameters.
Deprecated.
use
ServerFormLoginAuthenticationConverter
instead.A strategy for resolving a
GenerateOneTimeTokenRequest from the
ServerWebExchange.Converts from a
ServerWebExchange to an Authentication that can be
authenticated.Deprecated.
Use
ServerHttpBasicAuthenticationConverter
instead.Interface for writing headers just before the response is committed.
A
ServerHttpSecurity is similar to Spring Security's HttpSecurity but
for WebFlux.Handles log out
Strategy for when log out was successfully performed (typically after
ServerLogoutHandler is invoked).Strategy for handling the scenario when the maximum number of sessions for a user has
been reached.
Converts from a
ServerWebExchange to an
OAuth2AuthorizationCodeAuthenticationToken that can be authenticated.Implementations of this interface are capable of resolving an
OAuth2AuthorizationRequest from the provided ServerWebExchange.Provides an easy mechanism for using an
OAuth2AuthorizedClient to make OAuth2
requests by including the token as a Bearer Token.Implementations of this interface are responsible for the persistence of
Authorized Client(s) between requests.An implementation of
ServerAuthenticationConverter for resolving
OneTimeTokenAuthenticationToken from token parameter.Defines a reactive strategy to handle generated one-time tokens.
A
ServerOneTimeTokenGenerationSuccessHandler that performs a redirect to a
specific locationA strategy for performing redirects.
Saves a
ServerHttpRequest so it can be "replayed" later.A
WebFilter that replays any matching request in ServerRequestCacheStrategy used for persisting a
SecurityContext between requests.A
ReactiveAuthenticationManagerResolver that returns a
ReactiveAuthenticationManager instances based upon the type of
ServerWebExchange passed into ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.resolve(ServerWebExchange).A
ServerAccessDeniedHandler which delegates to multiple
ServerAccessDeniedHandlers based on a ServerWebExchangeMatcherDelegates to a provided
ServerHttpHeadersWriter if
ServerWebExchangeMatcher.matches(ServerWebExchange) returns a match.Interface which can be used to reject potentially dangerous requests and/or wrap them
to control their behaviour.
An interface for determining if a
ServerWebExchangeMatcher matches.The result of matching
A rich object for associating a
ServerWebExchangeMatcher to another object.Provides factory methods for creating common
ServerWebExchangeMatcherA
ThreadLocalAccessor for accessing a ServerWebExchange.Converts from a
SslInfo provided by a request to an
PreAuthenticatedAuthenticationToken that can be authenticated.In order for the
CasAuthenticationProvider to provide the correct service url
to authenticate the ticket, the returned value of Authentication.getDetails()
should implement this interface when tickets can be sent to any URL rather than only
ServiceProperties.getService().The
AuthenticationDetailsSource that is set on the
CasAuthenticationFilter should return a value that implements
ServiceAuthenticationDetails if the application needs to authenticate dynamic
service urls.Stores properties related to this CAS service.
Implements select methods from the
HttpServletRequest using the
SecurityContext from the SecurityContextHolder.An
ExchangeFilterFunction that adds the
Bearer
Token from an existing OAuth2Token tied to the current
Authentication.Provides an easy mechanism for using an
OAuth2AuthorizedClient to make OAuth
2.0 requests by including the access
token as a bearer token.Thrown by an
SessionAuthenticationStrategy or
ServerSessionAuthenticationStrategy to indicate that an authentication object
is not valid for the current session, typically because the same user has exceeded the
number of sessions they are allowed to have concurrently.Allows pluggable support for HttpSession-related behaviour when an authentication
occurs.
Generic session creation event which indicates that a session (potentially represented
by a security context) has begun.
Specifies the various session creation policies for Spring Security.
Generic "session termination" event which indicates that a session (potentially
represented by a security context) has ended.
Indicates a session ID was changed for the purposes of session fixation protection.
Uses
HttpServletRequest.invalidate() to protect against session fixation
attacks.Generic "session ID changed" event which indicates that a session identifier
(potentially represented by a security context) has changed.
Represents a record of a session within the Spring Security framework.
An event for when a
SessionInformation is expired.Determines the behaviour of the
ConcurrentSessionFilter when an expired session
is detected in the ConcurrentSessionFilter.Represents the maximum number of sessions allowed.
Represents the maximum number of sessions allowed.
Allows configuring session management.
Detects that a user has been authenticated since the start of the request and, if they
have, calls the configured
SessionAuthenticationStrategy to perform any
session-related activity such as activating session-fixation protection mechanisms or
checking for multiple concurrent logins.Maintains a registry of
SessionInformation instances.Default implementation of
SessionRegistry which
listens for SessionDestroyedEvents published in the Spring application context.Provides SHA512 digest methods.
A security identity recognised by the ACL system.
Strategy interface that provides an ability to determine the
Sid instances
applicable for an Authentication.Basic implementation of
SidRetrievalStrategy that creates a Sid for the
principal, as well as every granted authority the principal holds.An enumeration of the cryptographic algorithms defined by the JSON Web Algorithms (JWA)
specification and used by JSON Web Signature (JWS) to digitally sign the contents of
the JWS Protected Header and JWS Payload.
This class implements the Attributes2GrantedAuthoritiesMapper interface by doing a
one-to-one mapping from roles to Spring Security GrantedAuthorities.
Encodes Simple
Authentication.
Simple one-to-one
GrantedAuthoritiesMapper which allows for case conversion of
the authority name and the addition of a string prefix (which defaults to ROLE_
).Basic concrete implementation of a
GrantedAuthority.Jackson Mixin class helps in serialize/deserialize
SimpleGrantedAuthority.Deprecated, for removal: This API element is subject to removal in a future version.
as of 7.0 in favor of
org.springframework.security.jackson.SimpleGrantedAuthorityMixin based on
Jackson 3This class implements the MappableAttributesRetriever interface by just returning a
list of mappable attributes as previously set using the corresponding setter method.
Represents the AOP Alliance
MethodInvocation.Performs a redirect to a fixed URL when an invalid requested session is detected by the
SessionManagementFilter.Performs a redirect to a fixed URL when an expired session is detected by the
ConcurrentSessionFilter.A Bean implementation of SavedRequest
AuthenticationFailureHandler which performs a redirect to the value of the
defaultFailureUrl property when the
onAuthenticationFailure method is called.AuthenticationSuccessHandler which can be configured with a default URL which
users should be sent to upon successful authentication.
Handles the navigation on logout by delegating to the
AbstractAuthenticationTargetUrlRequestHandler base class logic.A
MessageMatcher that matches if the provided Message has a type that
is the same as the SimpMessageType that was specified in the constructor.An
AuthorizationManager which creates permit-all and deny-all
AuthorizationManager instances.Parses the SPNEGO authentication Header, which was generated by the browser and creates
a
KerberosServiceRequestToken out if it.Sends back a request for a Negotiate Authentication to the browser.
An implementation of
AuthorizationEventPublisher that uses Spring's event
publishing support.Simple implementation of
AclCache that
delegates to Cache implementation.Caches tickets using a Spring IoC defined
Cache.Caches
UserDetails instances in a Spring defined Cache.A Spring implementation of
OpaqueTokenIntrospector that verifies and
introspects a token using the configured
OAuth 2.0 Introspection
Endpoint.Used to build
SpringOpaqueTokenIntrospector.A Spring implementation of
ReactiveOpaqueTokenIntrospector that verifies and
introspects a token using the configured
OAuth 2.0 Introspection
Endpoint.Used to build
SpringReactiveOpaqueTokenIntrospector.An AuthenticationSource to retrieve authentication information stored in Spring
Security's
SecurityContextHolder.Internal class used for checking version compatibility in a deployed application.
Extension of Spring LDAP's LdapTemplate class which adds extra functionality required
by Spring Security.
The default
MessageSource used by Spring Security.A
ClaimAccessor for the "Standard Claims" that can be returned either
in the UserInfo Response or the ID Token.The names of the "Standard Claims" defined by the OpenID Connect Core 1.0
specification that can be returned either in the UserInfo Response or the ID Token.
Deprecated.
Digest based password encoding is not considered secure.
Caches CAS service tickets and CAS proxy tickets for stateless connections.
Deprecated.
ALLOW-FROM is an obsolete directive that no longer works in modern
browsers.
HeaderWriter implementation which writes the same Header instance.Allows specifying
HttpHeaders that should be written to the response.
A strict implementation of
HttpFirewall that rejects any suspicious requests
with a RequestRejectedException.
A strict implementation of
ServerWebExchangeFirewall that rejects any
suspicious requests with a ServerExchangeRejectedException.Writes the Strict-Transport-Security if the request is secure.
A generator for unique string keys.
Deprecated.
Please use
SubjectX500PrincipalExtractor insteadExtracts the principal from the
X500Principal.getName(String) returned by
X509Certificate.getSubjectX500Principal() passed into
SubjectX500PrincipalExtractor.extractPrincipal(X509Certificate) depending on the value of
SubjectX500PrincipalExtractor.setExtractPrincipalNameFromEmail(boolean).Implementation of
KerberosClient which uses the SUN JAAS login module, which is
included in the SUN JRE, it will not work with an IBM JRE.Implementation of
KerberosTicketValidator which uses the SUN JAAS login module,
which is included in the SUN JRE, it will not work with an IBM JRE.Implementation of
Configuration which uses Sun's JAAS Krb5LoginModule.A
ClientRegistrationRepository that lazily calls to retrieve
ClientRegistration(s) when requested.A
JwtDecoder that lazily initializes another JwtDecoderA
ReactiveJwtDecoder that lazily initializes another ReactiveJwtDecoderAllows subclasses to modify the
GrantedAuthority list that will be assigned to
the principal when they assume the identity of a different principal.Switch User processing filter responsible for user context switching.
Custom
GrantedAuthority used by
SwitchUserFilterSwitch User processing filter responsible for user context switching.
internal configuration class for taglibs.
Represents the events on the methods of
TestExecutionListenerAn
AuthenticationProvider implementation for the
TestingAuthenticationToken.An
Authentication implementation that is
designed for use whilst unit testing.A builder of
TestingAuthenticationToken instancesThe
TestSecurityContextHolder is very similar to SecurityContextHolder,
but is necessary for testing.Service interface for symmetric encryption of text strings.
Internal utility for escaping characters in HTML strings.
Handler for analyzing
Throwable instances.Interface for handlers extracting the cause out of a specific
Throwable type.A
Customizer that allows invocation of code that throws a checked exception.An implementation of
MethodAuthorizationDeniedHandler that throws
AuthorizationDeniedExceptionA token issued by
TokenService.Identifies previously remembered users by a Base-64 encoded cookie.
A Token Exchange Grant request that holds the
subject token and
optional actor token.An implementation of an
OAuth2AuthorizedClientProvider for the
token-exchange grant.An implementation of an
ReactiveOAuth2AuthorizedClientProvider for the
token-exchange grant.Provides a mechanism to allocate and rebuild secure, randomised tokens.
A facility for token configuration settings.
A builder for
TokenSettings.A marker for
Authentications that should never be stored across requests, for
example a bearer token authenticationA
SecurityContext that is annotated with @Transient and thus should
never be stored across requests.Deprecated.
Use
AuthorizationManager insteadThrown if an
Acl cannot perform an operation because it only loaded a subset of
Sids and the caller has requested details for an unloaded Sid
.Thrown if
securityFilterChain is not valid.Provides static methods for composing URLs.
Models core user information retrieved by a
UserDetailsService.Builds the user to be added.
Used by
InMemoryUserDetailsManager to
temporarily store the attributes associated with a user.Property editor that creates a
UserAttribute from a comma separated list of
values.Provides a cache of
UserDetails objects.A repository for managing
CredentialRecords associated to a user.Provides core user information.
Base class that allows access to the
UserDetailsService for using as a default
value with AuthenticationManagerBuilder.This implementation for AuthenticationUserDetailsService wraps a regular Spring
Security UserDetailsService implementation, to retrieve a UserDetails object based on
the user name contained in an Authentication object.
Called by classes which make use of a
UserDetailsService to check the status of
the loaded UserDetails object.Operations to map a UserDetails object to and from a Spring LDAP
DirContextOperations implementation.An extension of the
UserDetailsService which provides the ability to create new
users and update existing ones.UserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>,C extends UserDetailsManagerConfigurer<B,C>>
Base class for populating an
AuthenticationManagerBuilder
with a UserDetailsManager.Constructs an
InMemoryUserDetailsManager from a resource using
UserDetailsResourceFactoryBean.Creates a
Collection<UserDetails> from a @{code Map} in the format ofAn API for changing a
UserDetails password.A
ReactiveAuthenticationManager that uses a ReactiveUserDetailsService
to validate the provided username and password.Parses a Resource that is a Properties file in the format of:
username=password[,enabled|disabled],roles...Core interface which loads user-specific data.
UserDetailsServiceConfigurer<B extends ProviderManagerBuilder<B>,C extends UserDetailsServiceConfigurer<B,C,U>,U extends UserDetailsService>
Allows configuring a
UserDetailsService within a
AuthenticationManagerBuilder.Bean used to lookup a named UserDetailsService or AuthenticationUserDetailsService.
Simple LdapAuthoritiesPopulator which delegates to a UserDetailsService, using the name
which was supplied at login as the username.
Thrown if an
UserDetailsService implementation cannot locate a User by
its username.Processes an authentication form submission.
An
Authentication implementation that is
designed for simple presentation of a username and password.UsernamePasswordAuthenticationToken.Builder<B extends UsernamePasswordAuthenticationToken.Builder<B>>
A builder of
UsernamePasswordAuthenticationToken instancesRepresents a username and password that have been encoded into a
Payload.metadata().UserVerificationRequirement
is used by the Relying Party to indicate if user verification is needed.
UTF-8 Charset encoder/decoder.
Provides integration between the
SecurityContext and Spring Web's
WebAsyncManager by using the
SecurityContextCallableProcessingInterceptor.beforeConcurrentHandling(org.springframework.web.context.request.NativeWebRequest, Callable)
to populate the SecurityContext on the Callable.Well-known keys which are used to store Spring Security information in request or
session scope.
A holder of selected HTTP details related to a web authentication request.
Implementation of
AuthenticationDetailsSource which builds the details object
from an HttpServletRequest object, creating a WebAuthenticationDetails
.A WebAuthn4j implementation
of
WebAuthnRelyingPartyOperations.A
WebAuthnAuthentication is used to represent successful authentication with
WebAuthn.A builder of
WebAuthnAuthentication instancesAuthenticates
PublicKeyCredential<AuthenticatorAssertionResponse> that is
parsed from the body of the HttpServletRequest using the
WebAuthnAuthenticationFilter.setConverter(GenericHttpMessageConverter).An
AuthenticationProvider that uses WebAuthnRelyingPartyOperations for
authentication using an WebAuthnAuthenticationRequestToken.An
Authentication used in
WebAuthnAuthenticationProvider for authenticating via WebAuthn.Configures WebAuthn for Spring Security applications
Deprecated, for removal: This API element is subject to removal in a future version.
as of 7.0 in favor of
WebauthnJacksonModule based
on Jackson 3Adds Jackson support for Spring Security WebAuthn.
Authenticates
PublicKeyCredential<AuthenticatorAssertionResponse> that is
parsed from the body of the HttpServletRequest using the
WebAuthnRegistrationFilter.setConverter(HttpMessageConverter).An API for WebAuthn
Relying Party Operations
An implementation of a
ReactiveOAuth2AccessTokenResponseClient that
"exchanges" an authorization code credential for an access token credential
at the Authorization Server's Token Endpoint.An implementation of a
ReactiveOAuth2AccessTokenResponseClient that
"exchanges" a client credential for an access token credential at the
Authorization Server's Token Endpoint.The default implementation of an
ReactiveOAuth2AccessTokenResponseClient for
the jwt-bearer grant.An implementation of a
ReactiveOAuth2AccessTokenResponseClient for the
refresh_token grant.The default implementation of an
ReactiveOAuth2AccessTokenResponseClient for
the token-exchange grant.An expression-based
AuthorizationManager that determines the access by
evaluating the provided expression.A
WebExpressionAuthorizationManager.Builder for constructing WebExpressionAuthorizationManager
instances.Deprecated.
Use
WebExpressionAuthorizationManager insteadUsed to delegate to a List of
SecurityWebFilterChain instances.A
WebFilterChainProxy.WebFilterChainDecorator that uses the DefaultWebFilterChainA strategy for decorating the provided filter chain with one that accounts for the
SecurityFilterChain for a given request.Success handler that continues the filter chain after authentication success.
A composite of the
ServerWebExchange and the WebFilterChain.Allows users to determine whether they have privileges for a given web URI.
Deprecated, for removal: This API element is subject to removal in a future version.
as of 7.0 in favor of
WebJacksonModule based on Jackson 3Jackson module for spring-security-web.
Deprecated.
This is applied internally using SpringWebMvcImportSelector
The
WebSecurity is created by WebSecurityConfiguration to create the
FilterChainProxy known as the Spring Security Filter Chain
(springSecurityFilterChain).Uses a
WebSecurity to create the FilterChainProxy that performs the web
based security for Spring Security.Allows customization to the
WebSecurity.Callback interface for customizing
WebSecurity.Deprecated, for removal: This API element is subject to removal in a future version.
as of 7.0 in favor of
WebServerJacksonModule based on
Jackson 3Jackson module for spring-security-web-flux.
Deprecated, for removal: This API element is subject to removal in a future version.
as of 7.0 in favor of
WebServletJacksonModule based on
Jackson 3Jackson module for spring-security-web related to servlet.
An implementation of an
ServerAuthorizationRequestRepository that stores
OAuth2AuthorizationRequest in the WebSession.A
ServerLogoutHandler which invalidates the active WebSession.An implementation of an
OAuth2AuthorizedClientRepository that stores
OAuth2AuthorizedClient's in the HttpSession.Stores the
SecurityContext in the
WebSession.Parses Spring Security's websocket namespace support.
This AbstractPreAuthenticatedProcessingFilter implementation is based on WebSphere
authentication.
This AuthenticationDetailsSource implementation will set the pre-authenticated granted
authorities based on the WebSphere groups for the current WebSphere user, mapped using
the configured Attributes2GrantedAuthoritiesMapper.
A utility class for testing spring security
This MappableAttributesRetriever implementation reads the list of defined J2EE
roles from a web.xml file and returns these from {
WebXmlMappableAttributesRetriever.getMappableAttributes().The bean definition parser for a Well-Known URL for Changing Passwords.
Deprecated.
ALLOW-FROM is an obsolete directive that no longer works in modern
browsers.
When used with
WithSecurityContextTestExecutionListener this annotation can be
added to a test method to emulate running with an anonymous user.When used with
WithSecurityContextTestExecutionListener this annotation can be
added to a test method to emulate running with a mocked user.
An annotation to determine what
SecurityContext to use.An API that works with WithUserTestExcecutionListener for creating a
SecurityContext that is populated in the TestSecurityContextHolder.A
TestExecutionListener that will find annotations that are annotated with
WithSecurityContext on a test method or at the class level.When used with
WithSecurityContextTestExecutionListener this annotation can be
added to a test method to emulate running with a UserDetails returned from the
UserDetailsService.Attempts to extract a client
X509Certificate chain from
HttpServletRequest and then converts to an
OAuth2ClientAuthenticationToken used for authenticating the client using the
tls_client_auth or self_signed_tls_client_auth method.An
AuthenticationProvider implementation used for OAuth 2.0 Client
Authentication, which authenticates the client X509Certificate received when
the tls_client_auth or self_signed_tls_client_auth authentication
method is used.Adds X509 based pre authentication to an application.
Obtains the principal from an X509Certificate for use within the framework.
A
StaticHeadersWriter that inserts headers to prevent content sniffing.Adds X-Content-Type-Options: nosniff
HeaderWriter implementation for the X-Frame-Options headers.The possible values for the X-Frame-Options header.
ServerHttpHeadersWriter implementation for the X-Frame-Options headers.The X-Frame-Options values.
ChannelInterceptor that validates a CSRF token masked by the
XorCsrfTokenRequestAttributeHandler in
the header of any SimpMessageType.CONNECT message.An implementation of the
CsrfTokenRequestHandler interface that is capable of
masking the value of the CsrfToken on each request and resolving the raw token
value from the masked value as either a header or parameter value of the request.An implementation of the
ServerCsrfTokenRequestAttributeHandler and
ServerCsrfTokenRequestResolver interfaces that is capable of masking the value
of the CsrfToken on each request and resolving the raw token value from the
masked value as either a form data value or header of the request.Renders the X-XSS-Protection header.
The value of the x-xss-protection header.
Add the x-xss-protection header.
The value of the x-xss-protection header.
AuthorizationManagerinstead