A B C D E F G H I J K L M N O P R S T U V W X
All Classes All Packages

A

AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,T extends AbstractAuthenticationFilterConfigurer<B,T,F>,F extends org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter> - Class in org.springframework.security.config.annotation.web.configurers

Base class for configuring AbstractAuthenticationFilterConfigurer.

AbstractAuthenticationFilterConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Creates a new instance with minimal defaults

AbstractAuthenticationFilterConfigurer(F, String) - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Creates a new instance

AbstractConfigAttributeRequestMatcherRegistry<C> - Class in org.springframework.security.config.annotation.web.configurers

A base class for registering RequestMatcher's.

AbstractConfigAttributeRequestMatcherRegistry() - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractConfigAttributeRequestMatcherRegistry

AbstractConfiguredSecurityBuilder<O,B extends SecurityBuilder<O>> - Class in org.springframework.security.config.annotation

A base SecurityBuilder that allows SecurityConfigurer to be applied to it.

AbstractConfiguredSecurityBuilder(ObjectPostProcessor<Object>) - Constructor for class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Creates a new instance with the provided ObjectPostProcessor.

AbstractConfiguredSecurityBuilder(ObjectPostProcessor<Object>, boolean) - Constructor for class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Creates a new instance with the provided ObjectPostProcessor.

AbstractDaoAuthenticationConfigurer<B extends ProviderManagerBuilder<B>,C extends AbstractDaoAuthenticationConfigurer<B,C,U>,U extends org.springframework.security.core.userdetails.UserDetailsService> - Class in org.springframework.security.config.annotation.authentication.configurers.userdetails

Allows configuring a DaoAuthenticationProvider

AbstractHttpConfigurer<T extends AbstractHttpConfigurer<T,B>,B extends HttpSecurityBuilder<B>> - Class in org.springframework.security.config.annotation.web.configurers

Adds a convenient base class for SecurityConfigurer instances that operate on HttpSecurity.

AbstractHttpConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer

AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConfigurer<C,H>,H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

A base class for configuring the FilterSecurityInterceptor.

AbstractInterceptUrlConfigurer.AbstractInterceptUrlRegistry<R extends AbstractInterceptUrlConfigurer.AbstractInterceptUrlRegistry<R,T>,T> - Class in org.springframework.security.config.annotation.web.configurers

AbstractLdapAuthenticationManagerFactory<T extends org.springframework.security.ldap.authentication.AbstractLdapAuthenticator> - Class in org.springframework.security.config.ldap

Creates an AuthenticationManager that can perform LDAP authentication.

AbstractRequestMatcherRegistry<C> - Class in org.springframework.security.config.annotation.web

A base class for registering RequestMatcher's.

AbstractRequestMatcherRegistry() - Constructor for class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry

AbstractSecurityBuilder<O> - Class in org.springframework.security.config.annotation

A base SecurityBuilder that ensures the object being built is only built one time.

AbstractSecurityBuilder() - Constructor for class org.springframework.security.config.annotation.AbstractSecurityBuilder

AbstractSecurityWebSocketMessageBrokerConfigurer - Class in org.springframework.security.config.annotation.web.socket

Allows configuring WebSocket Authorization.

AbstractSecurityWebSocketMessageBrokerConfigurer() - Constructor for class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

AbstractServerWebExchangeMatcherRegistry<T> - Class in org.springframework.security.config.web.server

AbstractUserDetailsServiceBeanDefinitionParser - Class in org.springframework.security.config.authentication

AbstractUserDetailsServiceBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser

access(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl

Allows specifying that URLs are secured by an arbitrary expression

access(String) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint

Allows specifying that Messages are secured by an arbitrary expression

access(String...) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl

Specifies that the user must have the specified ConfigAttribute's

access(AuthorizationManager<RequestAuthorizationContext>) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl

Allows specifying a custom AuthorizationManager.

access(ReactiveAuthorizationManager<PayloadExchangeAuthorizationContext>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access

access(ReactiveAuthorizationManager<AuthorizationContext>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access

Allows plugging in a custom authorization strategy

Access() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access

ACCESS_DENIED_HANDLER - Static variable in class org.springframework.security.config.Elements

accessDecisionManager() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

Allows subclasses to provide a custom AccessDecisionManager.

accessDecisionManager(AccessDecisionManager) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer.AbstractInterceptUrlRegistry

Allows setting the AccessDecisionManager.

accessDeniedHandler(AccessDeniedHandler) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer

Specifies the AccessDeniedHandler to be used

accessDeniedHandler(AccessDeniedHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer

accessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec

Configures the ServerAccessDeniedHandler used when a CSRF token is invalid.

accessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.ExceptionHandlingSpec

Configures what to do when an authenticated user does not hold a required authority

accessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec

Configures the ServerAccessDeniedHandler to use for requests authenticating with Bearer Tokens.

accessDeniedPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer

Shortcut to specify the AccessDeniedHandler to be used is a specific error page

accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer

Sets the client used for requesting the access token credential from the Token Endpoint.

accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.TokenEndpointConfig

Sets the client used for requesting the access token credential from the Token Endpoint.

accountExpired(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder

Defines if the account is expired or not.

accountLocked(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder

Defines if the account is locked or not.

addArgumentResolvers(List<HandlerMethodArgumentResolver>) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

addArgumentResolvers(List<HandlerMethodArgumentResolver>) - Method in class org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration

Deprecated.

addFilter(Filter) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

addFilter(Filter) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder

Adds a Filter that must be an instance of or extend one of the Filters provided within the Security framework.

addFilterAfter(Filter, Class<? extends Filter>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

addFilterAfter(Filter, Class<? extends Filter>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder

Allows adding a Filter after one of the known Filter classes.

addFilterAfter(WebFilter, SecurityWebFiltersOrder) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Adds a WebFilter after specific position.

addFilterAt(Filter, Class<? extends Filter>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Adds the Filter at the location of the specified Filter class.

addFilterAt(WebFilter, SecurityWebFiltersOrder) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Adds a WebFilter at a specific position.

addFilterBefore(Filter, Class<? extends Filter>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

addFilterBefore(Filter, Class<? extends Filter>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder

Allows adding a Filter before one of the known Filter classes.

addFilterBefore(WebFilter, SecurityWebFiltersOrder) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Adds a WebFilter before specific position.

addHeaderWriter(HeaderWriter) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Adds a HeaderWriter instance

addLogoutHandler(LogoutHandler) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

Adds a LogoutHandler.

addObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter

Adds an ObjectPostProcessor to be used for this SecurityConfigurerAdapter.

addPayloadInterceptor(PayloadInterceptor) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity

Adds a PayloadInterceptor to be used.

addSecurityFilterChainBuilder(SecurityBuilder<? extends SecurityFilterChain>) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity

Adds builders to create SecurityFilterChain instances.

addSha256Pins(String...) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig

Adds a list of SHA256 hashed pins for the pin- directive of the Public-Key-Pins header.

AFTER_INVOCATION_PROVIDER - Static variable in class org.springframework.security.config.Elements

afterInvocationManager() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

Provide a custom AfterInvocationManager for the default implementation of GlobalMethodSecurityConfiguration.methodSecurityInterceptor(MethodSecurityMetadataSource).

afterSingletonsInstantiated() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

afterSingletonsInstantiated() - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

AlreadyBuiltException - Exception in org.springframework.security.config.annotation

Thrown when AbstractSecurityBuilder.build() is two or more times.

AlreadyBuiltException(String) - Constructor for exception org.springframework.security.config.annotation.AlreadyBuiltException

ALWAYS - org.springframework.security.config.http.SessionCreationPolicy

Always create an HttpSession

alwaysRemember(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer

Whether the cookie should always be created even if the remember-me parameter is not set.

and() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder

Gets the LdapAuthenticationProviderConfigurer for further customizations

and() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.PasswordCompareConfigurer

Allows obtaining a reference to the LdapAuthenticationProviderConfigurer for further customizations

and() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder

Returns the UserDetailsManagerConfigurer for method chaining (i.e.

and() - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter

Return the SecurityBuilder when done using the SecurityConfigurer.

and() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity.RequestMatcherConfigurer

Return the HttpSecurity for further customizations

and() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity.IgnoredRequestConfigurer

Returns the WebSecurity to be returned for chaining.

and() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry

Return the HttpSecurityBuilder when done using the AuthorizeHttpRequestsConfigurer.

and() - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry

Return the SecurityBuilder when done using the SecurityConfigurer.

and() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry

and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CacheControlConfig

Allows completing configuration of Cache Control and continuing configuration of headers.

and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentSecurityPolicyConfig

Allows completing configuration of Content Security Policy and continuing configuration of headers.

and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentTypeOptionsConfig

Allows customizing the HeadersConfigurer

and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginEmbedderPolicyConfig

Allows completing configuration of Cross-Origin-Embedder-Policy and continuing configuration of headers.

and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginOpenerPolicyConfig

Allows completing configuration of Cross Origin Opener Policy and continuing configuration of headers.

and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginResourcePolicyConfig

Allows completing configuration of Cross-Origin-Resource-Policy and continuing configuration of headers.

and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FeaturePolicyConfig

Allows completing configuration of Feature Policy and continuing configuration of headers.

and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig

Allows continuing customizing the headers configuration.

and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig

Allows completing configuration of Public Key Pinning and continuing configuration of headers.

and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig

Allows completing configuration of Strict Transport Security and continuing configuration of headers.

and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.PermissionsPolicyConfig

Allows completing configuration of Permissions Policy and continuing configuration of headers.

and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ReferrerPolicyConfig

and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.XXssConfig

Allows completing configuration of X-XSS-Protection and continuing configuration of headers.

and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer

Returns the OAuth2ClientConfigurer for further configuration.

and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig

Returns the OAuth2LoginConfigurer for further configuration.

and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.RedirectionEndpointConfig

Returns the OAuth2LoginConfigurer for further configuration.

and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.TokenEndpointConfig

Returns the OAuth2LoginConfigurer for further configuration.

and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig

Returns the OAuth2LoginConfigurer for further configuration.

and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer

and() - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer.AttributeExchangeConfigurer

Deprecated.

Get the OpenIDLoginConfigurer to customize the OpenID configuration further

and() - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer.AttributeExchangeConfigurer.AttributeConfigurer

Deprecated.

Gets the OpenIDLoginConfigurer.AttributeExchangeConfigurer for further customization of the attributes

and() - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer

and() - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutResponseConfigurer

and() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer

Used to chain back to the SessionManagementConfigurer

and() - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec

Allows method chaining to continue configuring the ServerHttpSecurity

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec

Allows method chaining to continue configuring the ServerHttpSecurity

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CorsSpec

Allows method chaining to continue configuring the ServerHttpSecurity

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec

Allows method chaining to continue configuring the ServerHttpSecurity

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.ExceptionHandlingSpec

Allows method chaining to continue configuring the ServerHttpSecurity

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec

Allows method chaining to continue configuring the ServerHttpSecurity

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Allows method chaining to continue configuring the ServerHttpSecurity

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec

Allows method chaining to continue configuring the ServerHttpSecurity.

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec

Allows method chaining to continue configuring the ServerHttpSecurity.

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec

Allows method chaining to continue configuring the ServerHttpSecurity.

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec

Allows method chaining to continue configuring the ServerHttpSecurity.

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.FeaturePolicySpec

Allows method chaining to continue configuring the ServerHttpSecurity.

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec

Allows method chaining to continue configuring the ServerHttpSecurity

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec

Allows method chaining to continue configuring the ServerHttpSecurity.

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec

Allows method chaining to continue configuring the ServerHttpSecurity.

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec

Allows method chaining to continue configuring the ServerHttpSecurity

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec

Allows method chaining to continue configuring the ServerHttpSecurity

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec

Allows method chaining to continue configuring the ServerHttpSecurity

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec

Allows method chaining to continue configuring the ServerHttpSecurity

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec

Allows method chaining to continue configuring the ServerHttpSecurity

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec

Allows method chaining to continue configuring the ServerHttpSecurity

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.PasswordManagementSpec

Allows method chaining to continue configuring the ServerHttpSecurity.

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.RequestCacheSpec

Allows method chaining to continue configuring the ServerHttpSecurity

and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec

anonymous() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows configuring how an anonymous user is represented.

anonymous() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl

Specify that URLs are allowed by anonymous users.

anonymous() - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl

Specifies that an anonymous user is allowed access

anonymous() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint

Specify that Messages are allowed by anonymous users.

anonymous() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Enables and Configures anonymous authentication.

anonymous(Customizer<AnonymousConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows configuring how an anonymous user is represented.

anonymous(Customizer<ServerHttpSecurity.AnonymousSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Enables and Configures anonymous authentication.

ANONYMOUS - org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder

Where anonymous authentication is placed.

ANONYMOUS - Static variable in class org.springframework.security.config.Elements

ANONYMOUS_AUTHENTICATION - org.springframework.security.config.web.server.SecurityWebFiltersOrder

Instance of AnonymousAuthenticationWebFilter

AnonymousConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Configures Anonymous authentication (i.e.

AnonymousConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer

Creates a new instance

ant - org.springframework.security.config.http.MatcherType

antMatcher(String) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows configuring the HttpSecurity to only be invoked when matching the provided ant pattern.

antMatchers(String...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry

Maps a List of AntPathRequestMatcher instances that do not care which HttpMethod is used.

antMatchers(HttpMethod) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry

Maps a List of AntPathRequestMatcher instances.

antMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry

Maps a List of AntPathRequestMatcher instances.

anyExchange() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec

Always matches

anyExchange() - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry

Maps any request.

anyExchange() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec

Disables authorization.

anyMessage() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry

Maps any Message to a security expression.

anyRequest() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec

Matches if PayloadExchangeType.isRequest() is true, else not a match

anyRequest() - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry

Maps any request.

apply(C) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Applies a SecurityConfigurerAdapter to this SecurityBuilder and invokes SecurityConfigurerAdapter.setBuilder(SecurityBuilder).

ATT_GROUP_ROLE_ATTRIBUTE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

ATT_GROUP_SEARCH_BASE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

ATT_GROUP_SEARCH_FILTER - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

ATT_HASH - Static variable in class org.springframework.security.config.authentication.PasswordEncoderParser

ATT_LDIF_FILE - Static variable in class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser

Optionally defines an ldif resource to be loaded.

ATT_PORT - Static variable in class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser

Defines the port the LDAP_PROVIDER server should run on

ATT_ROOT_SUFFIX - Static variable in class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser

sets the configuration suffix (default is "dc=springframework,dc=org").

ATT_SERVER - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

ATT_USER_SEARCH_BASE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

ATT_USER_SEARCH_FILTER - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

attribute(String) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer.AttributeExchangeConfigurer

Deprecated.

Adds an OpenIDAttribute with the given name

attribute(Customizer<OpenIDLoginConfigurer.AttributeExchangeConfigurer.AttributeConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer.AttributeExchangeConfigurer

Deprecated.

Adds an OpenIDAttribute named "default-attribute".

attribute(OpenIDAttribute) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer.AttributeExchangeConfigurer

Deprecated.

Adds an OpenIDAttribute to be obtained for the configured OpenID pattern.

attributeExchange(String) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer

Deprecated.

Sets up OpenID attribute exchange for OpenID's matching the specified pattern.

attributeExchange(Customizer<OpenIDLoginConfigurer.AttributeExchangeConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer

Deprecated.

Sets up OpenID attribute exchange for OpenIDs matching the specified pattern.

authenticate(Authentication) - Method in class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider

authenticated() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access

authenticated() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl

Specify that URLs are allowed by any authenticated user.

authenticated() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl

Specify that URLs are allowed by any authenticated user.

authenticated() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint

Specify that Messages are allowed by any authenticated user.

authenticated() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access

Require an authenticated user

authenticatedUserDetailsService(AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken>) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer

Specifies the AuthenticationUserDetailsService that is used with the PreAuthenticatedAuthenticationProvider.

AUTHENTICATION - org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder

A generic placeholder for other types of authentication.

AUTHENTICATION - org.springframework.security.config.web.server.SecurityWebFiltersOrder

AUTHENTICATION_MANAGER - Static variable in class org.springframework.security.config.BeanIds

The "global" AuthenticationManager instance, registered by the <authentication-manager> element

AUTHENTICATION_MANAGER - Static variable in class org.springframework.security.config.Elements

AUTHENTICATION_PROVIDER - Static variable in class org.springframework.security.config.Elements

AuthenticationConfiguration - Class in org.springframework.security.config.annotation.authentication.configuration

Exports the authentication Configuration

AuthenticationConfiguration() - Constructor for class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration

authenticationConverter(AuthenticationConverter) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer

Use this AuthenticationConverter when converting incoming requests to an Authentication.

authenticationConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec

Sets the converter to use

authenticationConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec

Sets the converter to use

authenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Specifies a custom AuthenticationDetailsSource.

authenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer

Specifies a custom AuthenticationDetailsSource to use for basic authentication.

authenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails>) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer

Specifies the AuthenticationDetailsSource

authenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer

Sets the AuthenticationEntryPoint to be used.

authenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer

The AuthenticationEntryPoint to be populated on BasicAuthenticationFilter in the event that authentication fails.

authenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer

authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.ExceptionHandlingSpec

Configures what to do when the application request authentication

authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec

How to request for authentication.

authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec

Allows easily setting the entry point.

authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec

Configures the ServerAuthenticationEntryPoint to use for requests authenticating with Bearer Tokens.

authenticationEventPublisher(AuthenticationEventPublisher) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder

Sets the AuthenticationEventPublisher

authenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec

Configures how a failed authentication is handled.

authenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec

The ServerAuthenticationFailureHandler used after authentication failure.

authenticationFilter(AnonymousAuthenticationFilter) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer

Sets the AnonymousAuthenticationFilter used to populate an anonymous user.

authenticationFilter(AnonymousAuthenticationWebFilter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec

Sets the AnonymousAuthenticationWebFilter used to populate an anonymous user.

authenticationManager() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

Allows providing a custom AuthenticationManager.

authenticationManager() - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

Deprecated.

Gets the AuthenticationManager to use.

authenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configure the default AuthenticationManager.

authenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer

authenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer

authenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer

Allows a configuration of a AuthenticationManager to be used during SAML 2 authentication.

authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity

authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.BasicAuthenticationSpec

authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.JwtSpec

authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.SimpleAuthenticationSpec

authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configure the default authentication manager.

authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec

The ReactiveAuthenticationManager used to authenticate.

authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec

The ReactiveAuthenticationManager used to authenticate.

authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec

Configures the ReactiveAuthenticationManager to use.

authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec

Configures the ReactiveAuthenticationManager to use.

authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec

Configures the ReactiveAuthenticationManager to use

authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec

authenticationManagerBean() - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

Deprecated.

Override this method to expose the AuthenticationManager from WebSecurityConfigurerAdapter.configure(AuthenticationManagerBuilder) to be exposed as a Bean.

AuthenticationManagerBeanDefinitionParser - Class in org.springframework.security.config.authentication

Registers the central ProviderManager used by the namespace configuration, and allows the configuration of an alias, allowing users to reference it in their beans and clearly see where the name is coming from.

AuthenticationManagerBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser

AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider - Class in org.springframework.security.config.authentication

Provider which doesn't provide any service.

authenticationManagerBuilder(ObjectPostProcessor<Object>, ApplicationContext) - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration

AuthenticationManagerBuilder - Class in org.springframework.security.config.annotation.authentication.builders

SecurityBuilder used to create an AuthenticationManager.

AuthenticationManagerBuilder(ObjectPostProcessor<Object>) - Constructor for class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder

Creates a new instance

AuthenticationManagerFactoryBean - Class in org.springframework.security.config.authentication

Factory bean for the namespace AuthenticationManager, which allows a more meaningful error message to be reported in the NoSuchBeanDefinitionException, if the user has forgotten to declare the <authentication-manager> element.

AuthenticationManagerFactoryBean() - Constructor for class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean

authenticationManagerResolver(AuthenticationManagerResolver<HttpServletRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer

authenticationManagerResolver(ReactiveAuthenticationManagerResolver<ServerWebExchange>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec

Configures the ReactiveAuthenticationManagerResolver

authenticationMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec

Sets the matcher used for determining if the request is an authentication request.

authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder

Add authentication based upon the custom AuthenticationProvider that is passed in.

authenticationProvider(AuthenticationProvider) - Method in interface org.springframework.security.config.annotation.authentication.ProviderManagerBuilder

Add authentication based upon the custom AuthenticationProvider that is passed in.

authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer

Sets the AuthenticationProvider used to validate an anonymous user.

authenticationProvider(AuthenticationProvider) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder

Allows adding an additional AuthenticationProvider to be used

AuthenticationProviderBeanDefinitionParser - Class in org.springframework.security.config.authentication

Wraps a UserDetailsService bean with a DaoAuthenticationProvider and registers the latter with the ProviderManager.

AuthenticationProviderBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.AuthenticationProviderBeanDefinitionParser

authenticationRequestResolver(Saml2AuthenticationRequestResolver) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer

Use this Saml2AuthenticationRequestResolver for generating SAML 2.0 Authentication Requests.

authenticationSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer

Allows control over the destination a remembered user is sent to when they are successfully authenticated.

authenticationSuccessHandler(ServerAuthenticationSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec

The ServerAuthenticationSuccessHandler used after authentication success.

authenticationSuccessHandler(ServerAuthenticationSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec

The ServerAuthenticationSuccessHandler used after authentication success.

authenticationUserDetailsService(AuthenticationUserDetailsService<OpenIDAuthenticationToken>) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer

Deprecated.

The AuthenticationUserDetailsService to use.

authenticationUserDetailsService(AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken>) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer

Specifies the AuthenticationUserDetailsService to use.

authorities(String...) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder

Populates the authorities.

authorities(String...) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer

Sets the Authentication.getAuthorities() for anonymous users

authorities(String...) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec

Sets the Authentication.getAuthorities() for anonymous users

authorities(List<? extends GrantedAuthority>) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder

Populates the authorities.

authorities(List<GrantedAuthority>) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer

Sets the Authentication.getAuthorities() for anonymous users

authorities(List<GrantedAuthority>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec

Sets the Authentication.getAuthorities() for anonymous users

authorities(GrantedAuthority...) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder

Populates the authorities.

authoritiesByUsernameQuery(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer

Sets the query to be used for finding a user's authorities by their username.

authoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

Specifies the GrantedAuthoritiesMapper.

AUTHORIZATION - org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder

Where authorization is placed.

AUTHORIZATION - org.springframework.security.config.web.server.SecurityWebFiltersOrder

authorizationCodeGrant() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer

Returns the OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer for configuring the OAuth 2.0 Authorization Code Grant.

authorizationCodeGrant(Customizer<OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer

Configures the OAuth 2.0 Authorization Code Grant.

authorizationEndpoint() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

Returns the OAuth2LoginConfigurer.AuthorizationEndpointConfig for configuring the Authorization Server's Authorization Endpoint.

authorizationEndpoint(Customizer<OAuth2LoginConfigurer.AuthorizationEndpointConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

Configures the Authorization Server's Authorization Endpoint.

authorizationRequestBaseUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.ImplicitGrantConfigurer

Deprecated.

Sets the base URI used for authorization requests.

authorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer

Sets the repository used for storing OAuth2AuthorizationRequest's.

authorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig

Sets the repository used for storing OAuth2AuthorizationRequest's.

authorizationRequestRepository(ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec

Sets the repository to use for storing OAuth2AuthorizationRequest's.

authorizationRequestRepository(ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec

Sets the repository to use for storing OAuth2AuthorizationRequest's.

authorizationRequestResolver(OAuth2AuthorizationRequestResolver) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer

Sets the resolver used for resolving OAuth2AuthorizationRequest's.

authorizationRequestResolver(OAuth2AuthorizationRequestResolver) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig

Sets the resolver used for resolving OAuth2AuthorizationRequest's.

authorizationRequestResolver(ServerOAuth2AuthorizationRequestResolver) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec

Sets the resolver used for resolving OAuth2AuthorizationRequest's.

authorizedClientRepository(OAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer

Sets the repository for authorized client(s).

authorizedClientRepository(OAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

Sets the repository for authorized client(s).

authorizedClientRepository(ServerOAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec

Configures the ReactiveClientRegistrationRepository.

authorizedClientRepository(ServerOAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec

authorizedClientService(OAuth2AuthorizedClientService) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer

Sets the service for authorized client(s).

authorizedClientService(OAuth2AuthorizedClientService) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

Sets the service for authorized client(s).

authorizedClientService(ReactiveOAuth2AuthorizedClientService) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec

authorizeExchange() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures authorization.

authorizeExchange(Customizer<ServerHttpSecurity.AuthorizeExchangeSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures authorization.

AuthorizeExchangeSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec

authorizeHttpRequests() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows restricting access based upon the HttpServletRequest using RequestMatcher implementations (i.e.

authorizeHttpRequests(Customizer<AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows restricting access based upon the HttpServletRequest using RequestMatcher implementations (i.e.

AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Adds a URL based authorization using AuthorizationManager.

AuthorizeHttpRequestsConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer

Creates an instance.

AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry - Class in org.springframework.security.config.annotation.web.configurers

Registry for mapping a RequestMatcher to an AuthorizationManager.

AuthorizeHttpRequestsConfigurer.AuthorizedUrl - Class in org.springframework.security.config.annotation.web.configurers

An object that allows configuring the AuthorizationManager for RequestMatchers.

AuthorizeHttpRequestsConfigurer.MvcMatchersAuthorizedUrl - Class in org.springframework.security.config.annotation.web.configurers

An AuthorizeHttpRequestsConfigurer.AuthorizedUrl that allows optionally configuring the MvcRequestMatcher.setServletPath(String).

authorizePayload(Customizer<RSocketSecurity.AuthorizePayloadsSpec>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity

AuthorizePayloadsSpec() - Constructor for class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec

authorizeRequests() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows restricting access based upon the HttpServletRequest using RequestMatcher implementations (i.e.

authorizeRequests(Customizer<ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows restricting access based upon the HttpServletRequest using RequestMatcher implementations (i.e.

AutowiredWebSecurityConfigurersIgnoreParents - Class in org.springframework.security.config.annotation.web.configuration

A class used to get all the WebSecurityConfigurer instances from the current ApplicationContext but ignoring the parent.

B

baseUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig

Sets the base URI used for authorization requests.

baseUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.RedirectionEndpointConfig

Sets the URI where the authorization response will be processed.

BASIC_AUTH - Static variable in class org.springframework.security.config.Elements

BASIC_AUTHENTICATION - org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder

Where basic authentication is placed.

basicAuthentication(Customizer<RSocketSecurity.BasicAuthenticationSpec>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity

Deprecated.

Use RSocketSecurity.simpleAuthentication(Customizer)

BeanIds - Class in org.springframework.security.config

Contains globally used default Bean IDs for beans created by the namespace support in Spring Security 2.

BeanIds() - Constructor for class org.springframework.security.config.BeanIds

bearerTokenConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec

Configures the ServerAuthenticationConverter to use for requests authenticating with Bearer Tokens.

bearerTokenResolver(BearerTokenResolver) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer

beforeConfigure() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Invoked prior to invoking each SecurityConfigurer.configure(SecurityBuilder) method.

beforeConfigure() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

beforeInit() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Invoked prior to invoking each SecurityConfigurer.init(SecurityBuilder) method.

block(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.XXssConfig

If false, will not specify the mode as blocked.

build() - Method in class org.springframework.security.config.annotation.AbstractSecurityBuilder

build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec

build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.BasicAuthenticationSpec

build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity

build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.JwtSpec

build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.SimpleAuthenticationSpec

build() - Method in interface org.springframework.security.config.annotation.SecurityBuilder

Builds the object and returns it or null.

build() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Builds the SecurityWebFilterChain

C

cache() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures cache control headers

cache(Customizer<ServerHttpSecurity.HeaderSpec.CacheSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures cache control headers

cacheControl() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Allows customizing the CacheControlHeadersWriter.

cacheControl(Customizer<HeadersConfigurer.CacheControlConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Allows customizing the CacheControlHeadersWriter.

CACHING_SUFFIX - Static variable in class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser

chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry

Subclasses should implement this method for returning the object that is chained to the creation of the RequestMatcher instances.

chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity.RequestMatcherConfigurer

chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity.IgnoredRequestConfigurer

chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractConfigAttributeRequestMatcherRegistry

Marks the RequestMatcher's as unmapped and then calls AbstractConfigAttributeRequestMatcherRegistry.chainRequestMatchersInternal(List).

chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry

chainRequestMatchersInternal(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractConfigAttributeRequestMatcherRegistry

Subclasses should implement this method for returning the object that is chained to the creation of the RequestMatcher instances.

chainRequestMatchersInternal(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry

chainRequestMatchersInternal(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry

chainRequestMatchersInternal(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry

changePasswordPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.PasswordManagementConfigurer

Sets the change password page.

changePasswordPage(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.PasswordManagementSpec

Sets the change password page.

changeSessionId() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer

Specifies that the Servlet container-provided session fixation protection should be used.

ChannelAttributeFactory - Class in org.springframework.security.config.http

Used as a factory bean to create config attribute values for the requires-channel attribute.

channelProcessors(List<ChannelProcessor>) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry

Sets the ChannelProcessor instances to use in ChannelDecisionManagerImpl

ChannelSecurityConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Adds channel security (i.e.

ChannelSecurityConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer

Creates a new instance

ChannelSecurityConfigurer.ChannelRequestMatcherRegistry - Class in org.springframework.security.config.annotation.web.configurers

ChannelSecurityConfigurer.MvcMatchersRequiresChannelUrl - Class in org.springframework.security.config.annotation.web.configurers

ChannelSecurityConfigurer.RequiresChannelUrl - Class in org.springframework.security.config.annotation.web.configurers

ciRegex - org.springframework.security.config.http.MatcherType

clearAuthentication(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

Specifies if SecurityContextLogoutHandler should clear the Authentication at the time of logout.

CLIENT_REGISTRATIONS - Static variable in class org.springframework.security.config.Elements

clientRegistrationRepository(ClientRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.ImplicitGrantConfigurer

Deprecated.

Sets the repository of client registrations.

clientRegistrationRepository(ClientRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer

Sets the repository of client registrations.

clientRegistrationRepository(ClientRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

Sets the repository of client registrations.

clientRegistrationRepository(ReactiveClientRegistrationRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec

Configures the ReactiveClientRegistrationRepository.

clientRegistrationRepository(ReactiveClientRegistrationRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec

ClientRegistrationsBeanDefinitionParser - Class in org.springframework.security.config.oauth2.client

ClientRegistrationsBeanDefinitionParser() - Constructor for class org.springframework.security.config.oauth2.client.ClientRegistrationsBeanDefinitionParser

CommonOAuth2Provider - Enum in org.springframework.security.config.oauth2.client

Common OAuth2 Providers that can be used to create builders pre-configured with sensible defaults.

CONCURRENT_SESSIONS - Static variable in class org.springframework.security.config.Elements

configurationSource(CorsConfigurationSource) - Method in class org.springframework.security.config.annotation.web.configurers.CorsConfigurer

configurationSource(CorsConfigurationSource) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CorsSpec

Configures the CorsConfigurationSource to be used

configure(B) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

configure(B) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer

configure(B) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsServiceConfigurer

configure(B) - Method in interface org.springframework.security.config.annotation.SecurityConfigurer

Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.

configure(B) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter

configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer

configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.ImplicitGrantConfigurer

Deprecated.

configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer

configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.PasswordManagementConfigurer

Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.

configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer

Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.CorsConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.DefaultLoginPageConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer

Deprecated.

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer

Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.SecurityContextConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.ServletApiConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer

configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer

configure(AuthenticationManagerBuilder) - Method in class org.springframework.security.config.annotation.authentication.configuration.GlobalAuthenticationConfigurerAdapter

configure(AuthenticationManagerBuilder) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

Sub classes can override this method to register different types of authentication.

configure(AuthenticationManagerBuilder) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

Deprecated.

Used by the default implementation of WebSecurityConfigurerAdapter.authenticationManager() to attempt to obtain an AuthenticationManager.

configure(HttpSecurity) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

Deprecated.

Override this method to configure the HttpSecurity.

configure(WebSecurity) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

Deprecated.

Override this method to configure WebSecurity.

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CorsSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.PasswordManagementSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.RequestCacheSpec

configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec

configureClientInboundChannel(ChannelRegistration) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

configureInbound(MessageSecurityMetadataSourceRegistry) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

consumer(OpenIDConsumer) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer

Deprecated.

Allows specifying the OpenIDConsumer to be used.

consumerManager(ConsumerManager) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer

Deprecated.

Allows specifying the ConsumerManager to be used.

containsMapping() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry

Allows determining if a mapping was added.

contentSecurityPolicy(String) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Allows configuration for Content Security Policy (CSP) Level 2.

contentSecurityPolicy(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures Content-Security-Policy response header.

contentSecurityPolicy(Customizer<HeadersConfigurer.ContentSecurityPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Allows configuration for Content Security Policy (CSP) Level 2.

contentSecurityPolicy(Customizer<ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures Content-Security-Policy response header.

contentTypeOptions() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Configures the XContentTypeOptionsHeaderWriter which inserts the X-Content-Type-Options:

contentTypeOptions() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures content type response headers

contentTypeOptions(Customizer<HeadersConfigurer.ContentTypeOptionsConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Configures the XContentTypeOptionsHeaderWriter which inserts the X-Content-Type-Options:

contentTypeOptions(Customizer<ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures content type response headers

CONTEXT_SOURCE - Static variable in class org.springframework.security.config.BeanIds

CONTEXT_SOURCE_SETTING_POST_PROCESSOR - Static variable in class org.springframework.security.config.BeanIds

contextSource() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

Allows easily configuring of a BaseLdapPathContextSource with defaults pointing to an embedded LDAP server that is created.

contextSource(BaseLdapPathContextSource) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

Specifies the BaseLdapPathContextSource to be used.

ContextSourceSettingPostProcessor - Class in org.springframework.security.config.ldap

Checks for the presence of a ContextSource instance.

conversionServicePostProcessor() - Static method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration

cors() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Adds a CorsFilter to be used.

cors() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures CORS headers.

cors(Customizer<CorsConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Adds a CorsFilter to be used.

cors(Customizer<ServerHttpSecurity.CorsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures CORS headers.

CORS - org.springframework.security.config.web.server.SecurityWebFiltersOrder

CorsWebFilter

CORS - Static variable in class org.springframework.security.config.Elements

CorsBeanDefinitionParser - Class in org.springframework.security.config.http

Parser for the CorsFilter.

CorsBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.CorsBeanDefinitionParser

CorsConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Adds CorsFilter to the Spring Security filter chain.

CorsConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.CorsConfigurer

Creates a new instance

count(int) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer.AttributeExchangeConfigurer.AttributeConfigurer

Deprecated.

Specifies the number of attribute values to request.

createAuthenticationManager() - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory

Returns the configured AuthenticationManager that can be used to perform LDAP authentication.

createChannelAttributes(String) - Static method in class org.springframework.security.config.http.ChannelAttributeFactory

createDefaultLdapAuthenticator() - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory

Allows subclasses to supply the default AbstractLdapAuthenticator.

createDefaultLdapAuthenticator() - Method in class org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory

createDefaultLdapAuthenticator() - Method in class org.springframework.security.config.ldap.LdapPasswordComparisonAuthenticationManagerFactory

createExpressionHandler() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

Provide a MethodSecurityExpressionHandler that is registered with the ExpressionBasedPreInvocationAdvice.

createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Create the RequestMatcher given a loginProcessingUrl

createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer

createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer

Deprecated.

createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer

createMatcher(ParserContext, String, String) - Method in enum org.springframework.security.config.http.MatcherType

createMatcher(ParserContext, String, String, String) - Method in enum org.springframework.security.config.http.MatcherType

createMetadataSource() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry

Allows subclasses to create creating a MessageSecurityMetadataSource.

createMvcMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry

Creates MvcRequestMatcher instances for the method and patterns passed in

createPasswordEncoderBeanDefinition(String, boolean) - Static method in class org.springframework.security.config.authentication.PasswordEncoderParser

credentialsExpired(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder

Defines if the credentials are expired or not.

crossOriginEmbedderPolicy() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Allows configuration for Cross-Origin-Embedder-Policy header.

crossOriginEmbedderPolicy() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures the Cross-Origin-Embedder-Policy header.

crossOriginEmbedderPolicy(Customizer<HeadersConfigurer.CrossOriginEmbedderPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Allows configuration for Cross-Origin-Embedder-Policy header.

crossOriginEmbedderPolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures the Cross-Origin-Embedder-Policy header.

CrossOriginEmbedderPolicyConfig() - Constructor for class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginEmbedderPolicyConfig

crossOriginOpenerPolicy() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Allows configuration for Cross-Origin-Opener-Policy header.

crossOriginOpenerPolicy() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures the Cross-Origin-Opener-Policy header.

crossOriginOpenerPolicy(Customizer<HeadersConfigurer.CrossOriginOpenerPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Allows configuration for Cross-Origin-Opener-Policy header.

crossOriginOpenerPolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures the Cross-Origin-Opener-Policy header.

CrossOriginOpenerPolicyConfig() - Constructor for class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginOpenerPolicyConfig

crossOriginResourcePolicy() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Allows configuration for Cross-Origin-Resource-Policy header.

crossOriginResourcePolicy() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures the Cross-Origin-Resource-Policy header.

crossOriginResourcePolicy(Customizer<HeadersConfigurer.CrossOriginResourcePolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Allows configuration for Cross-Origin-Resource-Policy header.

crossOriginResourcePolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures the Cross-Origin-Resource-Policy header.

CrossOriginResourcePolicyConfig() - Constructor for class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginResourcePolicyConfig

csrf() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Enables CSRF protection.

csrf() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures CSRF Protection which is enabled by default.

csrf(Customizer<CsrfConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Enables CSRF protection.

csrf(Customizer<ServerHttpSecurity.CsrfSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures CSRF Protection which is enabled by default.

CSRF - org.springframework.security.config.web.server.SecurityWebFiltersOrder

CsrfWebFilter

CSRF - Static variable in class org.springframework.security.config.Elements

CsrfBeanDefinitionParser - Class in org.springframework.security.config.http

Parser for the CsrfFilter.

CsrfBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.CsrfBeanDefinitionParser

csrfChannelInterceptor() - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

CsrfConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Adds CSRF protection for the methods as specified by CsrfConfigurer.requireCsrfProtectionMatcher(RequestMatcher).

CsrfConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer

Creates a new instance

csrfTokenRepository(CsrfTokenRepository) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer

Specify the CsrfTokenRepository to use.

csrfTokenRepository(ServerCsrfTokenRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec

Configures the ServerCsrfTokenRepository used to persist the CSRF Token.

CUSTOM_FILTER - Static variable in class org.springframework.security.config.Elements

customize(WebSecurity) - Method in interface org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer

Performs the customizations on WebSecurity.

customize(T) - Method in interface org.springframework.security.config.Customizer

Performs the customizations on the input argument.

customizeClientInboundChannel(ChannelRegistration) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

Allows subclasses to customize the configuration of the ChannelRegistration .

Customizer<T> - Interface in org.springframework.security.config

Callback interface that accepts a single input argument and returns no result.

customMethodSecurityMetadataSource() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

Provides a custom MethodSecurityMetadataSource that is registered with the GlobalMethodSecurityConfiguration.methodSecurityMetadataSource().

customUserType(Class<? extends OAuth2User>, String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig

Deprecated.

See CustomUserTypesOAuth2UserService for alternative usage.

D

DaoAuthenticationConfigurer<B extends ProviderManagerBuilder<B>,U extends org.springframework.security.core.userdetails.UserDetailsService> - Class in org.springframework.security.config.annotation.authentication.configurers.userdetails

Allows configuring a DaoAuthenticationProvider

DaoAuthenticationConfigurer(U) - Constructor for class org.springframework.security.config.annotation.authentication.configurers.userdetails.DaoAuthenticationConfigurer

Creates a new instance

dataSource(DataSource) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer

Populates the DataSource to be used.

debug() - Method in annotation type org.springframework.security.config.annotation.web.configuration.EnableWebSecurity

Controls debugging support for Spring Security.

debug(boolean) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity

Controls debugging support for Spring Security.

DEBUG - Static variable in class org.springframework.security.config.Elements

DEBUG_FILTER - Static variable in class org.springframework.security.config.BeanIds

DebugBeanDefinitionParser - Class in org.springframework.security.config

DebugBeanDefinitionParser() - Constructor for class org.springframework.security.config.DebugBeanDefinitionParser

decoder(JwtDecoder) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer

decorate(Node, BeanDefinitionHolder, ParserContext) - Method in class org.springframework.security.config.http.FilterChainMapBeanDefinitionDecorator

decorate(Node, BeanDefinitionHolder, ParserContext) - Method in class org.springframework.security.config.method.InterceptMethodsBeanDefinitionDecorator

decorate(Node, BeanDefinitionHolder, ParserContext) - Method in class org.springframework.security.config.SecurityNamespaceHandler

DEF_GROUP_SEARCH_BASE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

DEF_GROUP_SEARCH_FILTER - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

DEF_USER_SEARCH_BASE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

defaultAccessDeniedHandlerFor(AccessDeniedHandler, RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer

Sets a default AccessDeniedHandler to be used which prefers being invoked for the provided RequestMatcher.

defaultAuthenticationEntryPointFor(AuthenticationEntryPoint, RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer

Sets a default AuthenticationEntryPoint to be used which prefers being invoked for the provided RequestMatcher.

DefaultFilterChainValidator - Class in org.springframework.security.config.http

DefaultFilterChainValidator() - Constructor for class org.springframework.security.config.http.DefaultFilterChainValidator

DefaultLoginPageConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Adds a Filter that will generate a login page if one is not specified otherwise when using EnableWebSecurity.

DefaultLoginPageConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.DefaultLoginPageConfigurer

defaultLogoutSuccessHandlerFor(LogoutSuccessHandler, RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

Sets a default LogoutSuccessHandler to be used which prefers being invoked for the provided RequestMatcher.

defaultsDisabled() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Clears all of the default headers from the response.

defaultSuccessUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Specifies where users will be redirected after authenticating successfully if they have not visited a secured page prior to authenticating.

defaultSuccessUrl(String, boolean) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Specifies where users will be redirected after authenticating successfully if they have not visited a secured page prior to authenticating or alwaysUse is true.

delegatingApplicationListener() - Static method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration

deleteCookies(String...) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

Allows specifying the names of cookies to be removed on logout success.

deny() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig

Specify to DENY framing any content from this application.

denyAll() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access

denyAll() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl

Specify that URLs are not allowed by anyone.

denyAll() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl

Specify that URLs are not allowed by anyone.

denyAll() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint

Specify that Messages are not allowed by anyone.

denyAll() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access

Deny access for everyone

destroy() - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean

disable() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer

Disables the AbstractHttpConfigurer by removing it.

disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CacheControlConfig

Disables Cache Control

disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentTypeOptionsConfig

Removes the X-XSS-Protection header.

disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig

Prevents the header from being added to the response.

disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig

Prevents the header from being added to the response.

disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig

Disables Strict Transport Security

disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.XXssConfig

Disables X-XSS-Protection header (does not include it)

disable() - Method in class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer

disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec

Disables anonymous authentication.

disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CorsSpec

Disables CORS support within Spring Security.

disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec

Disables CSRF Protection.

disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec

Disables HTTP Basic authentication.

disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CacheSpec

Disables cache control response headers

disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec

Disables the content type options response header

disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Disables http response headers

disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.FrameOptionsSpec

Disables frame options response header

disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec

Disables strict transport security response header

disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.XssProtectionSpec

Disables the x-xss-protection response header

disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec

Disables HTTP Basic authentication.

disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec

Disables log out

disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.RequestCacheSpec

Disables the ServerHttpSecurity.RequestCacheSpec

disabled(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder

Defines if the account is disabled or not.

dispatcherTypeMatchers(DispatcherType...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry

Create a List of DispatcherTypeRequestMatcher instances that do not specify an HttpMethod.

dispatcherTypeMatchers(HttpMethod, DispatcherType...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry

Maps a List of DispatcherTypeRequestMatcher instances.

doBuild() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Executes the build using the SecurityConfigurer's that have been applied using the following steps: Invokes AbstractConfiguredSecurityBuilder.beforeInit() for any subclass to hook into Invokes SecurityConfigurer.init(SecurityBuilder) for any SecurityConfigurer that was applied to this builder. Invokes AbstractConfiguredSecurityBuilder.beforeConfigure() for any subclass to hook into Invokes AbstractConfiguredSecurityBuilder.performBuild() which actually builds the Object

doBuild() - Method in class org.springframework.security.config.annotation.AbstractSecurityBuilder

Subclasses should implement this to perform the build.

doParse(Element, ParserContext, BeanDefinitionBuilder) - Method in class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser

doParse(Element, ParserContext, BeanDefinitionBuilder) - Method in class org.springframework.security.config.authentication.JdbcUserServiceBeanDefinitionParser

doParse(Element, ParserContext, BeanDefinitionBuilder) - Method in class org.springframework.security.config.authentication.UserServiceBeanDefinitionParser

doParse(Element, ParserContext, BeanDefinitionBuilder) - Method in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

E

Elements - Class in org.springframework.security.config

Contains all the element names used by Spring Security 3 namespace support.

Elements() - Constructor for class org.springframework.security.config.Elements

EMBEDDED_APACHE_DS - Static variable in class org.springframework.security.config.BeanIds

EMBEDDED_UNBOUNDID - Static variable in class org.springframework.security.config.BeanIds

EmbeddedLdapServerContextSourceFactoryBean - Class in org.springframework.security.config.ldap

Creates a DefaultSpringSecurityContextSource used to perform LDAP authentication and starts and in-memory LDAP server.

EmbeddedLdapServerContextSourceFactoryBean() - Constructor for class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean

EnableGlobalAuthentication - Annotation Type in org.springframework.security.config.annotation.authentication.configuration

The EnableGlobalAuthentication annotation signals that the annotated class can be used to configure a global instance of AuthenticationManagerBuilder.

enableGlobalAuthenticationAutowiredConfigurer(ApplicationContext) - Static method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration

EnableGlobalMethodSecurity - Annotation Type in org.springframework.security.config.annotation.method.configuration

Enables Spring Security global method security similar to the <global-method-security> xml support.

EnableMethodSecurity - Annotation Type in org.springframework.security.config.annotation.method.configuration

Enables Spring Security Method Security.

EnableReactiveMethodSecurity - Annotation Type in org.springframework.security.config.annotation.method.configuration

EnableRSocketSecurity - Annotation Type in org.springframework.security.config.annotation.rsocket

Add this annotation to a Configuration class to have Spring Security RSocketSecurity support added.

enableSessionUrlRewriting(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer

If set to true, allows HTTP sessions to be rewritten in the URLs when using HttpServletResponse.encodeRedirectURL(String) or HttpServletResponse.encodeURL(String), otherwise disallows HTTP sessions to be included in the URL.

EnableWebFluxSecurity - Annotation Type in org.springframework.security.config.annotation.web.reactive

Add this annotation to a Configuration class to have Spring Security WebFlux support added.

EnableWebMvcSecurity - Annotation Type in org.springframework.security.config.annotation.web.servlet.configuration

Deprecated.

Use EnableWebSecurity instead which will automatically add the Spring MVC related Security items.

EnableWebSecurity - Annotation Type in org.springframework.security.config.annotation.web.configuration

Add this annotation to an @Configuration class to have the Spring Security configuration defined in any WebSecurityConfigurer or more likely by exposing a SecurityFilterChain bean:

eraseCredentials(boolean) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder

EXCEPTION_TRANSLATION - org.springframework.security.config.web.server.SecurityWebFiltersOrder

exceptionHandling() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows configuring exception handling.

exceptionHandling() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures exception handling (i.e.

exceptionHandling(Customizer<ExceptionHandlingConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows configuring exception handling.

exceptionHandling(Customizer<ServerHttpSecurity.ExceptionHandlingSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures exception handling (i.e.

ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Adds exception handling for Spring Security related exceptions to an application.

ExceptionHandlingConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer

Creates a new instance

expiredSessionStrategy(SessionInformationExpiredStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer

Determines the behaviour when an expired session is detected.

expiredUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer

The URL to redirect to if a user tries to access a resource and their session has been expired due to too many sessions for the current user.

EXPRESSION_HANDLER - Static variable in class org.springframework.security.config.Elements

expressionHandler(SecurityExpressionHandler<Message<Object>>) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry

The SecurityExpressionHandler to be used.

expressionHandler(SecurityExpressionHandler<FilterInvocation>) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity

Set the SecurityExpressionHandler to be used.

expressionHandler(SecurityExpressionHandler<FilterInvocation>) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry

Allows customization of the SecurityExpressionHandler to be used.

ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Adds URL based authorization based upon SpEL expressions to an application.

ExpressionUrlAuthorizationConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer

Creates a new instance

ExpressionUrlAuthorizationConfigurer.AuthorizedUrl - Class in org.springframework.security.config.annotation.web.configurers

ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry - Class in org.springframework.security.config.annotation.web.configurers

ExpressionUrlAuthorizationConfigurer.MvcMatchersAuthorizedUrl - Class in org.springframework.security.config.annotation.web.configurers

An ExpressionUrlAuthorizationConfigurer.AuthorizedUrl that allows optionally configuring the MvcRequestMatcher.setMethod(HttpMethod)

F

FACEBOOK - org.springframework.security.config.oauth2.client.CommonOAuth2Provider

failureForwardUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer

Forward Authentication Failure Handler

failureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Specifies the AuthenticationFailureHandler to use when authentication fails.

failureUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

The URL to send users if authentication fails.

featurePolicy(String) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Deprecated.

Use HeadersConfigurer.permissionsPolicy(Customizer) instead.

featurePolicy(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Deprecated.

Use ServerHttpSecurity.HeaderSpec.permissionsPolicy(Customizer) instead.

FILTER_CHAIN - Static variable in class org.springframework.security.config.Elements

FILTER_CHAIN_MAP - Static variable in class org.springframework.security.config.Elements

FILTER_CHAIN_PROXY - Static variable in class org.springframework.security.config.BeanIds

FILTER_CHAINS - Static variable in class org.springframework.security.config.BeanIds

FILTER_SECURITY_METADATA_SOURCE - Static variable in class org.springframework.security.config.Elements

FilterChainBeanDefinitionParser - Class in org.springframework.security.config.http

FilterChainBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.FilterChainBeanDefinitionParser

FilterChainMapBeanDefinitionDecorator - Class in org.springframework.security.config.http

Sets the filter chain Map for a FilterChainProxy bean declaration.

FilterChainMapBeanDefinitionDecorator() - Constructor for class org.springframework.security.config.http.FilterChainMapBeanDefinitionDecorator

FilterInvocationSecurityMetadataSourceParser - Class in org.springframework.security.config.http

Allows for convenient creation of a FilterInvocationSecurityMetadataSource bean for use with a FilterSecurityInterceptor.

FilterInvocationSecurityMetadataSourceParser() - Constructor for class org.springframework.security.config.http.FilterInvocationSecurityMetadataSourceParser

filterSecurityInterceptorOncePerRequest(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer.AbstractInterceptUrlRegistry

Allows setting if the FilterSecurityInterceptor should be only applied once per request (i.e.

FIRST - org.springframework.security.config.web.server.SecurityWebFiltersOrder

FORM_LOGIN - org.springframework.security.config.web.server.SecurityWebFiltersOrder

Instance of AuthenticationWebFilter

FORM_LOGIN - Static variable in class org.springframework.security.config.Elements

formLogin() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Specifies to support form based authentication.

formLogin() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures form based authentication.

formLogin(Customizer<FormLoginConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Specifies to support form based authentication.

formLogin(Customizer<ServerHttpSecurity.FormLoginSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures form based authentication.

FormLoginBeanDefinitionParser - Class in org.springframework.security.config.http

FormLoginConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Adds form based authentication.

FormLoginConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer

Creates a new instance

frameOptions() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Allows customizing the XFrameOptionsHeaderWriter.

frameOptions() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures frame options response headers

frameOptions(Customizer<HeadersConfigurer.FrameOptionsConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Allows customizing the XFrameOptionsHeaderWriter.

frameOptions(Customizer<ServerHttpSecurity.HeaderSpec.FrameOptionsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures frame options response headers

fromEmbeddedLdapServer() - Static method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean

Create an EmbeddedLdapServerContextSourceFactoryBean that will use an embedded LDAP server to perform LDAP authentication.

fromResource(Resource) - Static method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean

Create a ReactiveUserDetailsServiceResourceFactoryBean with a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.

fromResource(Resource) - Static method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean

Create a UserDetailsResourceFactoryBean with a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.

fromResource(Resource) - Static method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean

Create a UserDetailsManagerResourceFactoryBean with a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.

fromResourceLocation(String) - Static method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean

Create a ReactiveUserDetailsServiceResourceFactoryBean with the location of a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.

fromResourceLocation(String) - Static method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean

Create a UserDetailsResourceFactoryBean with the location of a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.

fromResourceLocation(String) - Static method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean

Create a UserDetailsManagerResourceFactoryBean with the location of a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.

fromString(String) - Static method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean

Create a ReactiveUserDetailsServiceResourceFactoryBean with a String that is in the format defined in UserDetailsResourceFactoryBean.

fromString(String) - Static method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean

Creates a UserDetailsResourceFactoryBean with a resource from the provided String

fromString(String) - Static method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean

Create a UserDetailsManagerResourceFactoryBean with a String that is in the format defined in UserDetailsResourceFactoryBean.

fullyAuthenticated() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl

Specify that URLs are allowed by users who have authenticated and were not "remembered".

fullyAuthenticated() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint

Specify that Messages are allowed by users who have authenticated and were not "remembered".

G

getApplicationContext() - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry

Gets the ApplicationContext

getApplicationContext() - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

Deprecated.

Gets the ApplicationContext

getAuthenticationEntryPoint() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Gets the Authentication Entry Point

getAuthenticationEntryPointMatcher(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

getAuthenticationFilter() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Gets the Authentication Filter

getAuthenticationManager() - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration

getAuthenticationManager() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec

getAuthoritiesMapper() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

Gets the GrantedAuthoritiesMapper and defaults to SimpleAuthorityMapper.

getBeanClassName(Element) - Method in class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser

getBeanClassName(Element) - Method in class org.springframework.security.config.authentication.JdbcUserServiceBeanDefinitionParser

getBeanClassName(Element) - Method in class org.springframework.security.config.authentication.UserServiceBeanDefinitionParser

getBeanClassName(Element) - Method in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

getBuilder() - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter

Gets the SecurityBuilder.

getBuilder(String) - Method in enum org.springframework.security.config.oauth2.client.CommonOAuth2Provider

Create a new ClientRegistration.Builder pre-configured with provider defaults.

getBuilder(String, ClientAuthenticationMethod, String) - Method in enum org.springframework.security.config.oauth2.client.CommonOAuth2Provider

getConfigurer(Class<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Gets the SecurityConfigurer by its class name or null if not found.

getConfigurer(Class<C>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder

Gets the SecurityConfigurer by its class name or null if not found.

getConfigurers(Class<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Gets all the SecurityConfigurer instances by its class name or an empty List if not found.

getContextSource() - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory

Gets the BaseLdapPathContextSource used to perform LDAP authentication.

getDatabasePopulator() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer

getDefaultUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder

Gets the default UserDetailsService for the AuthenticationManagerBuilder.

getExpressionHandler() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

Gets the MethodSecurityExpressionHandler or creates it using GlobalMethodSecurityConfiguration.expressionHandler.

getExpressionHandler() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity

Gets the SecurityExpressionHandler to be used.

getFailureUrl() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Gets the URL to send users to if authentication fails

getHttp() - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

Deprecated.

Creates the HttpSecurity or returns the current instance

getIntrospector() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec

getJwtAuthenticationConverter() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec

getJwtDecoder() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec

getLoginPage() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Gets the login page

getLoginProcessingUrl() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Gets the URL to submit an authentication request to (i.e.

getLogoutHandlers() - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

Gets the LogoutHandler instances that will be used.

getLogoutSuccessHandler() - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

Gets the LogoutSuccessHandler if not null, otherwise creates a new SimpleUrlLogoutSuccessHandler using the LogoutConfigurer.logoutSuccessUrl(String).

getMatchers() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl

getMatchers() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl

getMatchers() - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl

getObject() - Method in class org.springframework.security.config.annotation.AbstractSecurityBuilder

Gets the object that was built.

getObject() - Method in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean

getObject() - Method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean

getObject() - Method in class org.springframework.security.config.core.userdetails.UserDetailsMapFactoryBean

getObject() - Method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean

getObject() - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean

getObject() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor

getObject() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.MethodSecurityExpressionHandlerBean

getObject() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor

getObject() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor

getObject() - Method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean

getObjectType() - Method in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean

getObjectType() - Method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean

getObjectType() - Method in class org.springframework.security.config.core.userdetails.UserDetailsMapFactoryBean

getObjectType() - Method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean

getObjectType() - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean

getObjectType() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor

getObjectType() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.MethodSecurityExpressionHandlerBean

getObjectType() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor

getObjectType() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor

getObjectType() - Method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean

getOrBuild() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Similar to AbstractSecurityBuilder.build() and AbstractSecurityBuilder.getObject() but checks the state to determine if AbstractSecurityBuilder.build() needs to be called first.

getOrder() - Method in enum org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder

getOrder() - Method in class org.springframework.security.config.ldap.ContextSourceSettingPostProcessor

getOrder() - Method in enum org.springframework.security.config.web.server.SecurityWebFiltersOrder

getPasswordEncoder() - Method in class org.springframework.security.config.authentication.PasswordEncoderParser

getPathPatternParser() - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry

getPathPatternParser() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec

getPrivilegeEvaluator() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity

Gets the WebInvocationPrivilegeEvaluator to be used.

getRegistry() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer

The AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry is what users will interact with after applying the AuthorizeHttpRequestsConfigurer.

getRegistry() - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer

getRegistry() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer

getRegistry() - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer

The StandardInterceptUrlRegistry is what users will interact with after applying the UrlAuthorizationConfigurer.

getRolePrefix() - Method in class org.springframework.security.config.core.GrantedAuthorityDefaults

The default prefix used with role based authorization.

getSharedObject(Class<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Gets a shared Object.

getSharedObject(Class<C>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder

Gets a shared Object.

getSharedObjects() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Gets the shared objects

getSource(Element, ParserContext) - Method in class org.springframework.security.config.http.CorsBeanDefinitionParser

getUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer

getUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer

Gets the UserDetailsService that is used with the DaoAuthenticationProvider

getUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsAwareConfigurer

Gets the UserDetailsService or null if it is not available

getWebSecurityConfigurers() - Method in class org.springframework.security.config.annotation.web.configuration.AutowiredWebSecurityConfigurersIgnoreParents

GITHUB - org.springframework.security.config.oauth2.client.CommonOAuth2Provider

GLOBAL_METHOD_SECURITY - Static variable in class org.springframework.security.config.Elements

GlobalAuthenticationConfigurerAdapter - Class in org.springframework.security.config.annotation.authentication.configuration

A SecurityConfigurer that can be exposed as a bean to configure the global AuthenticationManagerBuilder.

GlobalAuthenticationConfigurerAdapter() - Constructor for class org.springframework.security.config.annotation.authentication.configuration.GlobalAuthenticationConfigurerAdapter

GlobalMethodSecurityBeanDefinitionParser - Class in org.springframework.security.config.method

Processes the top-level "global-method-security" element.

GlobalMethodSecurityBeanDefinitionParser() - Constructor for class org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser

GlobalMethodSecurityConfiguration - Class in org.springframework.security.config.annotation.method.configuration

Base Configuration for enabling global method security.

GlobalMethodSecurityConfiguration() - Constructor for class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

GOOGLE - org.springframework.security.config.oauth2.client.CommonOAuth2Provider

GrantedAuthorityDefaults - Class in org.springframework.security.config.core

Allows providing defaults for GrantedAuthority

GrantedAuthorityDefaults(String) - Constructor for class org.springframework.security.config.core.GrantedAuthorityDefaults

groupAuthoritiesByUsername(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer

An SQL statement to query user's group authorities given a username.

groupRoleAttribute(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

Specifies the attribute name which contains the role name.

groupSearchBase(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

The search base for group membership searches.

groupSearchFilter(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

The LDAP filter to search for groups.

groupSearchSubtree(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

If set to true, a subtree scope search will be performed for group membership.

H

hasAnyAuthority(String...) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access

hasAnyAuthority(String...) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl

Specifies that a user requires one of many authorities.

hasAnyAuthority(String...) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl

Specify that URLs requires any of a number authorities.

hasAnyAuthority(String...) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl

Specifies that a user requires one of many authorities

hasAnyAuthority(String...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint

Specify that Message instances requires any of a number authorities.

hasAnyAuthority(String...) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access

Require any authority

hasAnyRole(String...) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access

hasAnyRole(String...) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl

Specifies that a user requires one of many roles.

hasAnyRole(String...) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl

Shortcut for specifying URLs require any of a number of roles.

hasAnyRole(String...) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl

Specifies that a user requires one of many roles.

hasAnyRole(String...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint

Shortcut for specifying Message instances require any of a number of roles.

hasAnyRole(String...) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access

Require any specific role.

hasAuthority(String) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access

hasAuthority(String) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl

Specifies a user requires an authority.

hasAuthority(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl

Specify that URLs require a particular authority.

hasAuthority(String) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl

Specifies a user requires an authority.

hasAuthority(String) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint

Specify that Message instances require a particular authority.

hasAuthority(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access

Require a specific authority.

hasIpAddress(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl

Specify that URLs requires a specific IP Address or subnet.

hasIpAddress(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access

Require a specific IP address or range using an IP/Netmask (e.g.

hasRole(String) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access

hasRole(String) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl

Specifies a user requires a role.

hasRole(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl

Shortcut for specifying URLs require a particular role.

hasRole(String) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl

Specifies a user requires a role.

hasRole(String) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint

Shortcut for specifying Message instances require a particular role.

hasRole(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access

Require a specific role.

headers() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Adds the Security headers to the response.

headers() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures HTTP Response Headers.

headers(Customizer<HeadersConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Adds the Security headers to the response.

headers(Customizer<ServerHttpSecurity.HeaderSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures HTTP Response Headers.

HEADERS - Static variable in class org.springframework.security.config.Elements

HeadersBeanDefinitionParser - Class in org.springframework.security.config.http

Parser for the HeadersFilter.

HeadersBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.HeadersBeanDefinitionParser

HeadersConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Adds the Security HTTP headers to the response.

HeadersConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Creates a new instance

HeadersConfigurer.CacheControlConfig - Class in org.springframework.security.config.annotation.web.configurers

HeadersConfigurer.ContentSecurityPolicyConfig - Class in org.springframework.security.config.annotation.web.configurers

HeadersConfigurer.ContentTypeOptionsConfig - Class in org.springframework.security.config.annotation.web.configurers

HeadersConfigurer.CrossOriginEmbedderPolicyConfig - Class in org.springframework.security.config.annotation.web.configurers

HeadersConfigurer.CrossOriginOpenerPolicyConfig - Class in org.springframework.security.config.annotation.web.configurers

HeadersConfigurer.CrossOriginResourcePolicyConfig - Class in org.springframework.security.config.annotation.web.configurers

HeadersConfigurer.FeaturePolicyConfig - Class in org.springframework.security.config.annotation.web.configurers

HeadersConfigurer.FrameOptionsConfig - Class in org.springframework.security.config.annotation.web.configurers

HeadersConfigurer.HpkpConfig - Class in org.springframework.security.config.annotation.web.configurers

HeadersConfigurer.HstsConfig - Class in org.springframework.security.config.annotation.web.configurers

HeadersConfigurer.PermissionsPolicyConfig - Class in org.springframework.security.config.annotation.web.configurers

HeadersConfigurer.ReferrerPolicyConfig - Class in org.springframework.security.config.annotation.web.configurers

HeadersConfigurer.XXssConfig - Class in org.springframework.security.config.annotation.web.configurers

hsts() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures the Strict Transport Security response headers

hsts(Customizer<ServerHttpSecurity.HeaderSpec.HstsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures the Strict Transport Security response headers

http() - Static method in class org.springframework.security.config.web.server.ServerHttpSecurity

Creates a new instance.

http(int) - Method in class org.springframework.security.config.annotation.web.configurers.PortMapperConfigurer

Adds a port mapping

HTTP - Static variable in class org.springframework.security.config.Elements

HTTP_BASIC - org.springframework.security.config.web.server.SecurityWebFiltersOrder

Instance of AuthenticationWebFilter

HTTP_FIREWALL - Static variable in class org.springframework.security.config.Elements

HTTP_HEADERS_WRITER - org.springframework.security.config.web.server.SecurityWebFiltersOrder

httpBasic() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configures HTTP Basic authentication.

httpBasic() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures HTTP Basic authentication.

httpBasic(Customizer<HttpBasicConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configures HTTP Basic authentication.

httpBasic(Customizer<ServerHttpSecurity.HttpBasicSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures HTTP Basic authentication.

HttpBasicConfigurer<B extends HttpSecurityBuilder<B>> - Class in org.springframework.security.config.annotation.web.configurers

Adds HTTP basic based authentication.

HttpBasicConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer

Creates a new instance

httpFirewall(HttpFirewall) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity

Allows customizing the HttpFirewall.

HttpFirewallBeanDefinitionParser - Class in org.springframework.security.config.http

Injects the supplied HttpFirewall bean reference into the FilterChainProxy.

HttpFirewallBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.HttpFirewallBeanDefinitionParser

httpPublicKeyPinning() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Allows customizing the HpkpHeaderWriter which provides support for HTTP Public Key Pinning (HPKP).

httpPublicKeyPinning(Customizer<HeadersConfigurer.HpkpConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Allows customizing the HpkpHeaderWriter which provides support for HTTP Public Key Pinning (HPKP).

HTTPS_REDIRECT - org.springframework.security.config.web.server.SecurityWebFiltersOrder

HttpsRedirectWebFilter

HttpSecurity - Class in org.springframework.security.config.annotation.web.builders

A HttpSecurity is similar to Spring Security's XML <http> element in the namespace configuration.

HttpSecurity(ObjectPostProcessor<Object>, AuthenticationManagerBuilder, Map<Class<?>, Object>) - Constructor for class org.springframework.security.config.annotation.web.builders.HttpSecurity

Creates a new instance

HttpSecurity.MvcMatchersRequestMatcherConfigurer - Class in org.springframework.security.config.annotation.web.builders

An extension to HttpSecurity.RequestMatcherConfigurer that allows optionally configuring the servlet path.

HttpSecurity.RequestMatcherConfigurer - Class in org.springframework.security.config.annotation.web.builders

Allows mapping HTTP requests that this HttpSecurity will be used for

HttpSecurityBeanDefinitionParser - Class in org.springframework.security.config.http

Sets up HTTP security: filter stack and protected URLs.

HttpSecurityBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser

HttpSecurityBuilder<H extends HttpSecurityBuilder<H>> - Interface in org.springframework.security.config.annotation.web

HttpsRedirectSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec

httpsRedirectWhen(Function<ServerWebExchange, Boolean>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec

Configures when this filter should redirect to https By default, the filter will redirect whenever an exchange's scheme is not https

httpsRedirectWhen(ServerWebExchangeMatcher...) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec

Configures when this filter should redirect to https By default, the filter will redirect whenever an exchange's scheme is not https

httpStrictTransportSecurity() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Allows customizing the HstsHeaderWriter which provides support for HTTP Strict Transport Security (HSTS).

httpStrictTransportSecurity(Customizer<HeadersConfigurer.HstsConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Allows customizing the HstsHeaderWriter which provides support for HTTP Strict Transport Security (HSTS).

I

identifierPattern(String) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer.AttributeExchangeConfigurer

Deprecated.

Sets the regular expression for matching on OpenID's (i.e.

IF_REQUIRED - org.springframework.security.config.http.SessionCreationPolicy

Spring Security will only create an HttpSession if required

ignoring() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity

Allows adding RequestMatcher instances that Spring Security should ignore.

ignoringAntMatchers(String...) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer

Allows specifying HttpServletRequest that should not use CSRF Protection even if they match the CsrfConfigurer.requireCsrfProtectionMatcher(RequestMatcher).

ignoringRequestMatchers(RequestMatcher...) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer

Allows specifying HttpServletRequests that should not use CSRF Protection even if they match the CsrfConfigurer.requireCsrfProtectionMatcher(RequestMatcher).

ImplicitGrantConfigurer<B extends HttpSecurityBuilder<B>> - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client

Deprecated.

It is not recommended to use the implicit flow due to the inherent risks of returning access tokens in an HTTP redirect without any confirmation that it has been received by the client. See reference OAuth 2.0 Implicit Grant.

ImplicitGrantConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.client.ImplicitGrantConfigurer

Deprecated.

inboundChannelSecurity(MessageSecurityMetadataSource) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

inboundMessageSecurityMetadataSource() - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

includeSubdomains(boolean) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec

Configures if subdomains should be included.

includeSubDomains(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig

If true, the pinning policy applies to this pinned host as well as any subdomains of the host's domain name.

includeSubDomains(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig

If true, subdomains should be considered HSTS Hosts too.

INET_ORG_PERSON_MAPPER_CLASS - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

init() - Method in class org.springframework.security.config.SecurityNamespaceHandler

init(B) - Method in interface org.springframework.security.config.annotation.SecurityConfigurer

Initialize the SecurityBuilder.

init(B) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter

init(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

init(B) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer

init(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer

init(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

init(B) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer

Initialize the SecurityBuilder.

init(H) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer

init(H) - Method in class org.springframework.security.config.annotation.web.configurers.DefaultLoginPageConfigurer

init(H) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer

init(H) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer

Populates a PreAuthenticatedAuthenticationProvider into HttpSecurity.authenticationProvider(org.springframework.security.authentication.AuthenticationProvider) and a Http403ForbiddenEntryPoint into HttpSecurityBuilder.setSharedObject(Class, Object)

init(H) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

init(H) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer

init(H) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer

Deprecated.

init(H) - Method in class org.springframework.security.config.annotation.web.configurers.PortMapperConfigurer

init(H) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer

init(H) - Method in class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer

init(H) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer

init(H) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer

init(AuthenticationManagerBuilder) - Method in class org.springframework.security.config.annotation.authentication.configuration.GlobalAuthenticationConfigurerAdapter

init(WebSecurity) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

Deprecated.

initializeAuthenticationProviderBeanManagerConfigurer(ApplicationContext) - Static method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration

initializeUserDetailsBeanManagerConfigurer(ApplicationContext) - Static method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration

initUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer

initUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer

Populates the users that have been added.

initUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsServiceConfigurer

Allows subclasses to initialize the UserDetailsService.

inMemoryAuthentication() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder

Add in memory authentication to the AuthenticationManagerBuilder and return a InMemoryUserDetailsManagerConfigurer to allow customization of the in memory authentication.

InMemoryUserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>> - Class in org.springframework.security.config.annotation.authentication.configurers.provisioning

Configures an AuthenticationManagerBuilder to have in memory authentication.

InMemoryUserDetailsManagerConfigurer() - Constructor for class org.springframework.security.config.annotation.authentication.configurers.provisioning.InMemoryUserDetailsManagerConfigurer

Creates a new instance

INTERCEPT_MESSAGE - Static variable in class org.springframework.security.config.Elements

INTERCEPT_METHODS - Static variable in class org.springframework.security.config.Elements

INTERCEPT_URL - Static variable in class org.springframework.security.config.Elements

InterceptMethodsBeanDefinitionDecorator - Class in org.springframework.security.config.method

InterceptMethodsBeanDefinitionDecorator() - Constructor for class org.springframework.security.config.method.InterceptMethodsBeanDefinitionDecorator

introspectionClientCredentials(String, String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer

introspectionClientCredentials(String, String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec

Configures the credentials for Introspection endpoint

introspectionUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer

introspectionUri(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec

Configures the URI of the Introspection endpoint

introspector(OpaqueTokenIntrospector) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer

introspector(ReactiveOpaqueTokenIntrospector) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec

invalidateHttpSession(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

Configures SecurityContextLogoutHandler to invalidate the HttpSession at the time of logout.

invalidSessionStrategy(InvalidSessionStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer

Setting this attribute will inject the provided invalidSessionStrategy into the SessionManagementFilter.

invalidSessionUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer

Setting this attribute will inject the SessionManagementFilter with a SimpleRedirectInvalidSessionStrategy configured with the attribute value.

INVOCATION_ATTRIBUTE_FACTORY - Static variable in class org.springframework.security.config.Elements

INVOCATION_HANDLING - Static variable in class org.springframework.security.config.Elements

isConfigured() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder

Determines if the AuthenticationManagerBuilder is configured to build a non null AuthenticationManager.

isCustomLoginPage() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

isSimpDestPathMatcherConfigured() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry

Determines if the MessageSecurityMetadataSourceRegistry.simpDestPathMatcher(PathMatcher) has been explicitly set.

isSingleton() - Method in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean

J

j2eePreAuthenticatedProcessingFilter(J2eePreAuthenticatedProcessingFilter) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer

Allows specifying the J2eePreAuthenticatedProcessingFilter to use.

JDBC_USER_SERVICE - Static variable in class org.springframework.security.config.Elements

jdbcAuthentication() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder

Add JDBC authentication to the AuthenticationManagerBuilder and return a JdbcUserDetailsManagerConfigurer to allow customization of the JDBC authentication.

JdbcUserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>> - Class in org.springframework.security.config.annotation.authentication.configurers.provisioning

Configures an AuthenticationManagerBuilder to have JDBC authentication.

JdbcUserDetailsManagerConfigurer() - Constructor for class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer

JdbcUserDetailsManagerConfigurer(JdbcUserDetailsManager) - Constructor for class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer

JdbcUserServiceBeanDefinitionParser - Class in org.springframework.security.config.authentication

JdbcUserServiceBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.JdbcUserServiceBeanDefinitionParser

jee() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configures container based pre authentication.

jee(Customizer<JeeConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configures container based pre authentication.

JEE - Static variable in class org.springframework.security.config.Elements

JeeConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Adds support for J2EE pre authentication.

JeeConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.JeeConfigurer

Creates a new instance

Jsr250AuthorizationMethodInterceptor() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor

jsr250Enabled() - Method in annotation type org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity

Determines if JSR-250 annotations should be enabled.

jsr250Enabled() - Method in annotation type org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity

Determines if JSR-250 annotations should be enabled.

jwkSetUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer

jwkSetUri(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec

Configures a ReactiveJwtDecoder using JSON Web Key (JWK) URL

jwt() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer

jwt() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec

Enables JWT Resource Server support.

jwt(Customizer<RSocketSecurity.JwtSpec>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity

jwt(Customizer<OAuth2ResourceServerConfigurer.JwtConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer

Enables Jwt-encoded bearer token support.

jwt(Customizer<ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec

Enables JWT Resource Server support.

JWT - Static variable in class org.springframework.security.config.Elements

JWT_AUTHENTICATION - org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder

Where JWT based authentication is performed.

jwtAuthenticationConverter(Converter<Jwt, ? extends AbstractAuthenticationToken>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer

jwtAuthenticationConverter(Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec

Configures the Converter to use for converting a Jwt into an AbstractAuthenticationToken.

jwtDecoder(ReactiveJwtDecoder) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec

Configures the ReactiveJwtDecoder to use

JwtSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec

K

key(String) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer

Sets the key to identify tokens created for anonymous authentication.

key(String) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer

Sets the key to identify tokens created for remember me authentication.

key(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec

Sets the key to identify tokens created for anonymous authentication.

L

LAST - org.springframework.security.config.web.server.SecurityWebFiltersOrder

LDAP_AUTHORITIES_POPULATOR_CLASS - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

LDAP_PASSWORD_COMPARE - Static variable in class org.springframework.security.config.Elements

LDAP_PROVIDER - Static variable in class org.springframework.security.config.Elements

LDAP_SEARCH_CLASS - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

LDAP_SERVER - Static variable in class org.springframework.security.config.Elements

LDAP_USER_MAPPER_CLASS - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

LDAP_USER_SERVICE - Static variable in class org.springframework.security.config.Elements

ldapAuthentication() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder

Add LDAP authentication to the AuthenticationManagerBuilder and return a LdapAuthenticationProviderConfigurer to allow customization of the LDAP authentication.

LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuilder<B>> - Class in org.springframework.security.config.annotation.authentication.configurers.ldap

Configures LDAP AuthenticationProvider in the ProviderManagerBuilder.

LdapAuthenticationProviderConfigurer() - Constructor for class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

LdapAuthenticationProviderConfigurer.ContextSourceBuilder - Class in org.springframework.security.config.annotation.authentication.configurers.ldap

Allows building a BaseLdapPathContextSource and optionally creating an embedded LDAP instance.

LdapAuthenticationProviderConfigurer.PasswordCompareConfigurer - Class in org.springframework.security.config.annotation.authentication.configurers.ldap

Sets up Password based comparison

ldapAuthoritiesPopulator(LdapAuthoritiesPopulator) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

Specifies the LdapAuthoritiesPopulator.

LdapBindAuthenticationManagerFactory - Class in org.springframework.security.config.ldap

Creates an AuthenticationManager that can perform LDAP authentication using bind authentication.

LdapBindAuthenticationManagerFactory(BaseLdapPathContextSource) - Constructor for class org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory

LdapPasswordComparisonAuthenticationManagerFactory - Class in org.springframework.security.config.ldap

Creates an AuthenticationManager that can perform LDAP authentication using password comparison.

LdapPasswordComparisonAuthenticationManagerFactory(BaseLdapPathContextSource, PasswordEncoder) - Constructor for class org.springframework.security.config.ldap.LdapPasswordComparisonAuthenticationManagerFactory

LdapProviderBeanDefinitionParser - Class in org.springframework.security.config.ldap

Ldap authentication provider namespace configuration.

LdapProviderBeanDefinitionParser() - Constructor for class org.springframework.security.config.ldap.LdapProviderBeanDefinitionParser

LdapServerBeanDefinitionParser - Class in org.springframework.security.config.ldap

LdapServerBeanDefinitionParser() - Constructor for class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser

LdapUserServiceBeanDefinitionParser - Class in org.springframework.security.config.ldap

LdapUserServiceBeanDefinitionParser() - Constructor for class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

ldif(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder

Specifies an ldif to load at startup for an embedded LDAP server.

logger - Variable in class org.springframework.security.config.http.FormLoginBeanDefinitionParser

LOGIN_PAGE_GENERATING - org.springframework.security.config.web.server.SecurityWebFiltersOrder

loginPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Specifies the URL to send users to if login is required.

loginPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer

Specifies the URL to send users to if login is required.

loginPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

loginPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer

Deprecated.

Specifies the URL to send users to if login is required.

loginPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer

loginPage(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec

Configures the log in page to redirect to, the authentication failure page, and when authentication is performed.

loginProcessingUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Specifies the URL to validate the credentials.

loginProcessingUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

loginProcessingUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer

Deprecated.

Specifies the URL used to authenticate OpenID requests.

loginProcessingUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer

Specifies the URL to validate the credentials.

logout() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Provides logout support.

logout() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures log out.

logout(Customizer<LogoutConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Provides logout support.

logout(Customizer<ServerHttpSecurity.LogoutSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures log out.

LOGOUT - org.springframework.security.config.web.server.SecurityWebFiltersOrder

LOGOUT - Static variable in class org.springframework.security.config.Elements

LOGOUT_PAGE_GENERATING - org.springframework.security.config.web.server.SecurityWebFiltersOrder

LogoutConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Adds logout support.

LogoutConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

Creates a new instance

logoutHandler(ServerLogoutHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec

Configures the logout handler.

logoutRequest() - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer

Get configurer for SAML 2.0 Logout Request components

logoutRequest(Customizer<Saml2LogoutConfigurer.LogoutRequestConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer

Configures SAML 2.0 Logout Request components

logoutRequestMatcher(RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

The RequestMatcher that triggers log out to occur.

logoutRequestRepository(Saml2LogoutRequestRepository) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer

Use this Saml2LogoutRequestRepository for storing logout requests

logoutRequestResolver(Saml2LogoutRequestResolver) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer

Use this Saml2LogoutRequestResolver for producing a logout request to send to the asserting party

logoutRequestValidator(Saml2LogoutRequestValidator) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer

Use this LogoutHandler for processing a logout request from the asserting party

logoutResponse() - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer

Get configurer for SAML 2.0 Logout Response components

logoutResponse(Customizer<Saml2LogoutConfigurer.LogoutResponseConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer

Configures SAML 2.0 Logout Request components

logoutResponseResolver(Saml2LogoutResponseResolver) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutResponseConfigurer

Use this Saml2LogoutRequestResolver for producing a logout response to send to the asserting party

logoutResponseValidator(Saml2LogoutResponseValidator) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutResponseConfigurer

Use this LogoutHandler for processing a logout response from the asserting party

logoutSuccessHandler(LogoutSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

Sets the LogoutSuccessHandler to use.

logoutSuccessHandler(ServerLogoutSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec

logoutSuccessUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

The URL to redirect to after logout has occurred.

logoutUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

The URL that triggers log out to occur (default is "/logout").

logoutUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer

The URL by which the asserting party can send a SAML 2.0 Logout Request

logoutUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutResponseConfigurer

The URL by which the asserting party can send a SAML 2.0 Logout Response

logoutUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer

The URL by which the relying or asserting party can trigger logout.

logoutUrl(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec

Configures what URL a POST to will trigger a log out.

M

managerDn(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder

Username (DN) of the "manager" user identity (i.e.

managerPassword(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder

The password for the manager DN.

mappableAuthorities(String...) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer

Specifies roles to use map from the HttpServletRequest to the UserDetails.

mappableAuthorities(Set<String>) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer

Specifies roles to use map from the HttpServletRequest to the UserDetails.

mappableRoles(String...) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer

Specifies roles to use map from the HttpServletRequest to the UserDetails and automatically prefixes it with "ROLE_".

mapsTo(int) - Method in class org.springframework.security.config.annotation.web.configurers.PortMapperConfigurer.HttpPortMapping

Maps the given HTTP port to the provided HTTPS port and vice versa.

matcher(PayloadExchangeMatcher) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec

matchers - Variable in class org.springframework.security.config.annotation.web.builders.HttpSecurity.RequestMatcherConfigurer

matchers(MessageMatcher<?>...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry

Maps a List of MessageMatcher instances to a security expression.

matchers(ServerWebExchangeMatcher...) - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry

Associates a list of ServerWebExchangeMatcher instances

MatcherType - Enum in org.springframework.security.config.http

Defines the RequestMatcher types supported by the namespace.

maxAge(Duration) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec

Configures the max age.

maxAgeInSeconds(long) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig

Sets the value (in seconds) for the max-age directive of the Public-Key-Pins header.

maxAgeInSeconds(long) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig

Sets the value (in seconds) for the max-age directive of the Strict-Transport-Security header.

maximumSessions(int) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer

Controls the maximum number of sessions for a user.

maximumSessions(int) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer

Controls the maximum number of sessions for a user.

maxSessionsPreventsLogin(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer

If true, prevents a user from authenticating when the SessionManagementConfigurer.ConcurrencyControlConfigurer.maximumSessions(int) has been reached.

MessageSecurityMetadataSourceRegistry - Class in org.springframework.security.config.annotation.web.messaging

Allows mapping security constraints using MessageMatcher to the security expressions.

MessageSecurityMetadataSourceRegistry() - Constructor for class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry

MessageSecurityMetadataSourceRegistry.Constraint - Class in org.springframework.security.config.annotation.web.messaging

Represents the security constraint to be applied to the MessageMatcher instances.

METHOD_ACCESS_MANAGER - Static variable in class org.springframework.security.config.BeanIds

METHOD_SECURITY - Static variable in class org.springframework.security.config.Elements

METHOD_SECURITY_METADATA_SOURCE - Static variable in class org.springframework.security.config.Elements

METHOD_SECURITY_METADATA_SOURCE_ADVISOR - Static variable in class org.springframework.security.config.BeanIds

MethodSecurityBeanDefinitionParser - Class in org.springframework.security.config.method

Processes the top-level "method-security" element.

MethodSecurityBeanDefinitionParser() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser

MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor - Class in org.springframework.security.config.method

MethodSecurityBeanDefinitionParser.MethodSecurityExpressionHandlerBean - Class in org.springframework.security.config.method

MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor - Class in org.springframework.security.config.method

MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor - Class in org.springframework.security.config.method

MethodSecurityExpressionHandlerBean() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.MethodSecurityExpressionHandlerBean

methodSecurityInterceptor(MethodSecurityMetadataSource) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

Creates the default MethodInterceptor which is a MethodSecurityInterceptor using the following methods to construct it.

methodSecurityMetadataSource() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

Provides the default MethodSecurityMetadataSource that will be used.

MethodSecurityMetadataSourceBeanDefinitionParser - Class in org.springframework.security.config.method

MethodSecurityMetadataSourceBeanDefinitionParser() - Constructor for class org.springframework.security.config.method.MethodSecurityMetadataSourceBeanDefinitionParser

migrateSession() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer

Specifies that a new session should be created and the session attributes from the original HttpSession should be retained.

MISSING_BEAN_ERROR_MESSAGE - Static variable in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean

mode() - Method in annotation type org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity

Indicate how security advice should be applied.

mode() - Method in annotation type org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity

Indicate how security advice should be applied.

mode() - Method in annotation type org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity

Indicate how security advice should be applied.

mode(XFrameOptionsServerHttpHeadersWriter.Mode) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.FrameOptionsSpec

The mode to configure.

mvc - org.springframework.security.config.http.MatcherType

mvcMatcher(String) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows configuring the HttpSecurity to only be invoked when matching the provided Spring MVC pattern.

mvcMatchers(String...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry

Maps an MvcRequestMatcher that does not care which HttpMethod is used.

mvcMatchers(String...) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity.RequestMatcherConfigurer

mvcMatchers(String...) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity.IgnoredRequestConfigurer

mvcMatchers(String...) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry

mvcMatchers(String...) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry

mvcMatchers(String...) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry

mvcMatchers(String...) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry

mvcMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry

Maps an MvcRequestMatcher that also specifies a specific HttpMethod to match on.

mvcMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity.RequestMatcherConfigurer

mvcMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity.IgnoredRequestConfigurer

mvcMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry

mvcMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry

mvcMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry

mvcMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry

N

name(String) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer.AttributeExchangeConfigurer.AttributeConfigurer

Deprecated.

The OpenID attribute name.

NEVER - org.springframework.security.config.http.SessionCreationPolicy

Spring Security will never create an HttpSession, but will use the HttpSession if it already exists

newSession() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer

Specifies that a new session should be created, but the session attributes from the original HttpSession should not be retained.

none() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer

Specifies that no session fixation protection should be enabled.

not() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl

Negates the following expression.

NullAuthenticationProvider() - Constructor for class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider

nullDestMatcher() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry

Maps any Message that has a null SimpMessageHeaderAccessor destination header (i.e.

O

OAUTH2_AUTHORIZATION_CODE - org.springframework.security.config.web.server.SecurityWebFiltersOrder

OAUTH2_CLIENT - Static variable in class org.springframework.security.config.Elements

OAUTH2_LOGIN - Static variable in class org.springframework.security.config.Elements

OAUTH2_RESOURCE_SERVER - Static variable in class org.springframework.security.config.Elements

oauth2Client() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configures OAuth 2.0 Client support.

oauth2Client() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures the OAuth2 client.

oauth2Client(Customizer<OAuth2ClientConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configures OAuth 2.0 Client support.

oauth2Client(Customizer<ServerHttpSecurity.OAuth2ClientSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures the OAuth2 client.

OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>> - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client

An AbstractHttpConfigurer for OAuth 2.0 Client support.

OAuth2ClientConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer

OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client

Configuration options for the OAuth 2.0 Authorization Code Grant.

oauth2Login() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0 Provider.

oauth2Login() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0 Provider.

oauth2Login(Customizer<OAuth2LoginConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0 Provider.

oauth2Login(Customizer<ServerHttpSecurity.OAuth2LoginSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0 Provider.

OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client

An AbstractHttpConfigurer for OAuth 2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow.

OAuth2LoginConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

OAuth2LoginConfigurer.AuthorizationEndpointConfig - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client

Configuration options for the Authorization Server's Authorization Endpoint.

OAuth2LoginConfigurer.RedirectionEndpointConfig - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client

Configuration options for the Client's Redirection Endpoint.

OAuth2LoginConfigurer.TokenEndpointConfig - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client

Configuration options for the Authorization Server's Token Endpoint.

OAuth2LoginConfigurer.UserInfoEndpointConfig - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client

Configuration options for the Authorization Server's UserInfo Endpoint.

oauth2ResourceServer() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configures OAuth 2.0 Resource Server support.

oauth2ResourceServer() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures OAuth 2.0 Resource Server support.

oauth2ResourceServer(Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configures OAuth 2.0 Resource Server support.

oauth2ResourceServer(Customizer<ServerHttpSecurity.OAuth2ResourceServerSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures OAuth 2.0 Resource Server support.

OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.resource

An AbstractHttpConfigurer for OAuth 2.0 Resource Server Support.

OAuth2ResourceServerConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer

OAuth2ResourceServerConfigurer.JwtConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.resource

OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.resource

OAuth2ResourceServerSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec

objectPostProcessor(AutowireCapableBeanFactory) - Method in class org.springframework.security.config.annotation.configuration.ObjectPostProcessorConfiguration

objectPostProcessor(ObjectPostProcessor<Object>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Specifies the ObjectPostProcessor to use.

ObjectPostProcessor<T> - Interface in org.springframework.security.config.annotation

Allows initialization of Objects.

ObjectPostProcessorConfiguration - Class in org.springframework.security.config.annotation.configuration

Spring Configuration that exports the default ObjectPostProcessor.

ObjectPostProcessorConfiguration() - Constructor for class org.springframework.security.config.annotation.configuration.ObjectPostProcessorConfiguration

oidcUserService(OAuth2UserService<OidcUserRequest, OidcUser>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig

Sets the OpenID Connect 1.0 service used for obtaining the user attributes of the End-User from the UserInfo Endpoint.

OKTA - org.springframework.security.config.oauth2.client.CommonOAuth2Provider

OPAQUE_TOKEN - Static variable in class org.springframework.security.config.Elements

opaqueToken() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer

opaqueToken() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec

Enables Opaque Token Resource Server support.

opaqueToken(Customizer<OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer

Enables opaque bearer token support.

opaqueToken(Customizer<ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec

Enables Opaque Token Resource Server support.

OPENID_ATTRIBUTE - Static variable in class org.springframework.security.config.Elements

OPENID_ATTRIBUTE_EXCHANGE - Static variable in class org.springframework.security.config.Elements

OPENID_LOGIN - Static variable in class org.springframework.security.config.Elements

openidLogin() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Deprecated.

The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by spring-security-oauth2.

openidLogin(Customizer<OpenIDLoginConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Deprecated.

The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by spring-security-oauth2.

OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers.openid

Deprecated.

The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by spring-security-oauth2.

OpenIDLoginConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer

Deprecated.

Creates a new instance

OpenIDLoginConfigurer.AttributeExchangeConfigurer - Class in org.springframework.security.config.annotation.web.configurers.openid

Deprecated.

A class used to add OpenID attributes to look up

OpenIDLoginConfigurer.AttributeExchangeConfigurer.AttributeConfigurer - Class in org.springframework.security.config.annotation.web.configurers.openid

Deprecated.

Configures an OpenIDAttribute

order() - Method in annotation type org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity

Indicate the ordering of the execution of the security advisor when multiple advices are applied at a specific joinpoint.

order() - Method in annotation type org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity

Indicate the ordering of the execution of the security advisor when multiple advices are applied at a specific joinpoint.

org.springframework.security.config - package org.springframework.security.config

Support classes for the Spring Security namespace.

org.springframework.security.config.annotation - package org.springframework.security.config.annotation

org.springframework.security.config.annotation.authentication - package org.springframework.security.config.annotation.authentication

org.springframework.security.config.annotation.authentication.builders - package org.springframework.security.config.annotation.authentication.builders

org.springframework.security.config.annotation.authentication.configuration - package org.springframework.security.config.annotation.authentication.configuration

org.springframework.security.config.annotation.authentication.configurers.ldap - package org.springframework.security.config.annotation.authentication.configurers.ldap

org.springframework.security.config.annotation.authentication.configurers.provisioning - package org.springframework.security.config.annotation.authentication.configurers.provisioning

org.springframework.security.config.annotation.authentication.configurers.userdetails - package org.springframework.security.config.annotation.authentication.configurers.userdetails

org.springframework.security.config.annotation.configuration - package org.springframework.security.config.annotation.configuration

org.springframework.security.config.annotation.method.configuration - package org.springframework.security.config.annotation.method.configuration

org.springframework.security.config.annotation.rsocket - package org.springframework.security.config.annotation.rsocket

org.springframework.security.config.annotation.web - package org.springframework.security.config.annotation.web

org.springframework.security.config.annotation.web.builders - package org.springframework.security.config.annotation.web.builders

org.springframework.security.config.annotation.web.configuration - package org.springframework.security.config.annotation.web.configuration

org.springframework.security.config.annotation.web.configurers - package org.springframework.security.config.annotation.web.configurers

org.springframework.security.config.annotation.web.configurers.oauth2.client - package org.springframework.security.config.annotation.web.configurers.oauth2.client

org.springframework.security.config.annotation.web.configurers.oauth2.server.resource - package org.springframework.security.config.annotation.web.configurers.oauth2.server.resource

org.springframework.security.config.annotation.web.configurers.openid - package org.springframework.security.config.annotation.web.configurers.openid

org.springframework.security.config.annotation.web.configurers.saml2 - package org.springframework.security.config.annotation.web.configurers.saml2

org.springframework.security.config.annotation.web.messaging - package org.springframework.security.config.annotation.web.messaging

org.springframework.security.config.annotation.web.reactive - package org.springframework.security.config.annotation.web.reactive

org.springframework.security.config.annotation.web.servlet.configuration - package org.springframework.security.config.annotation.web.servlet.configuration

org.springframework.security.config.annotation.web.socket - package org.springframework.security.config.annotation.web.socket

org.springframework.security.config.authentication - package org.springframework.security.config.authentication

Parsing of <authentication-manager> and related elements.

org.springframework.security.config.core - package org.springframework.security.config.core

org.springframework.security.config.core.userdetails - package org.springframework.security.config.core.userdetails

org.springframework.security.config.crypto - package org.springframework.security.config.crypto

org.springframework.security.config.debug - package org.springframework.security.config.debug

org.springframework.security.config.http - package org.springframework.security.config.http

Parsing of the <http> namespace element.

org.springframework.security.config.ldap - package org.springframework.security.config.ldap

Security namespace support for LDAP authentication.

org.springframework.security.config.method - package org.springframework.security.config.method

Support for parsing of the <global-method-security> and <intercept-methods> elements.

org.springframework.security.config.oauth2.client - package org.springframework.security.config.oauth2.client

org.springframework.security.config.provisioning - package org.springframework.security.config.provisioning

org.springframework.security.config.saml2 - package org.springframework.security.config.saml2

org.springframework.security.config.web.server - package org.springframework.security.config.web.server

org.springframework.security.config.websocket - package org.springframework.security.config.websocket

P

parentAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder

Allows providing a parent AuthenticationManager that will be tried if this AuthenticationManager was unable to attempt to authenticate the provided Authentication.

parse(Element, ParserContext) - Method in class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.authentication.AuthenticationProviderBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.DebugBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.http.CorsBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.http.CsrfBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.http.FilterChainBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.http.FilterInvocationSecurityMetadataSourceParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.http.FormLoginBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.http.HeadersBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.http.HttpFirewallBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser

The aim of this method is to build the list of filters which have been defined by the namespace elements and attributes within the <http> configuration, along with any custom-filter's linked to user-defined filter beans.

parse(Element, ParserContext) - Method in class org.springframework.security.config.http.WellKnownChangePasswordBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.ldap.LdapProviderBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.oauth2.client.ClientRegistrationsBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.saml2.RelyingPartyRegistrationsBeanDefinitionParser

parse(Element, ParserContext) - Method in class org.springframework.security.config.SecurityNamespaceHandler

parse(Element, ParserContext) - Method in class org.springframework.security.config.websocket.WebSocketMessageBrokerSecurityBeanDefinitionParser

parseInternal(Element, ParserContext) - Method in class org.springframework.security.config.method.MethodSecurityMetadataSourceBeanDefinitionParser

password(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder

Populates the password.

PASSWORD_ENCODER - Static variable in class org.springframework.security.config.Elements

PASSWORD_MANAGEMENT - Static variable in class org.springframework.security.config.Elements

passwordAttribute(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.PasswordCompareConfigurer

The attribute in the directory which contains the user password.

passwordCompare() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

passwordEncoder(PasswordEncoder) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.PasswordCompareConfigurer

Allows specifying the PasswordEncoder to use.

passwordEncoder(PasswordEncoder) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

Specifies the PasswordEncoder to be used when authenticating with password comparison.

passwordEncoder(PasswordEncoder) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer

Allows specifying the PasswordEncoder to use with the DaoAuthenticationProvider.

PasswordEncoderParser - Class in org.springframework.security.config.authentication

Stateful parser for the <password-encoder> element.

PasswordEncoderParser(Element, ParserContext) - Constructor for class org.springframework.security.config.authentication.PasswordEncoderParser

passwordManagement() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures password management.

passwordManagement(Customizer<PasswordManagementConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Adds support for the password management.

passwordManagement(Customizer<ServerHttpSecurity.PasswordManagementSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures password management.

PasswordManagementConfigurer<B extends HttpSecurityBuilder<B>> - Class in org.springframework.security.config.annotation.web.configurers

Adds password management support.

PasswordManagementConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.PasswordManagementConfigurer

passwordParameter(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer

The HTTP parameter to look for the password when performing authentication.

pathMatchers(String...) - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry

Maps a List of PathPatternParserServerWebExchangeMatcher instances that do not care which HttpMethod is used.

pathMatchers(HttpMethod) - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry

Maps a List of PathPatternParserServerWebExchangeMatcher instances.

pathMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry

Maps a List of PathPatternParserServerWebExchangeMatcher instances.

PayloadInterceptorOrder - Enum in org.springframework.security.config.annotation.rsocket

The standard order for PayloadInterceptor to be sorted.

performBuild() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Subclasses must implement this method to build the object that is being returned.

performBuild() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder

performBuild() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

performBuild() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity

permissionsPolicy() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Allows configuration for Permissions Policy.

permissionsPolicy() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures Permissions-Policy response header.

permissionsPolicy(Customizer<HeadersConfigurer.PermissionsPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Allows configuration for Permissions Policy.

permissionsPolicy(Customizer<ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures Permissions-Policy response header.

permitAll() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access

permitAll() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Equivalent of invoking permitAll(true)

permitAll() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl

Specify that URLs are allowed by anyone.

permitAll() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl

Specify that URLs are allowed by anyone.

permitAll() - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

A shortcut for LogoutConfigurer.permitAll(boolean) with true as an argument.

permitAll() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint

Specify that Messages are allowed by anyone.

permitAll() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access

Allow access for anyone

permitAll(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Ensures the urls for AbstractAuthenticationFilterConfigurer.failureUrl(String) as well as for the HttpSecurityBuilder, the AbstractAuthenticationFilterConfigurer.getLoginPage() and AbstractAuthenticationFilterConfigurer.getLoginProcessingUrl() are granted access to any user.

permitAll(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer

Grants access to the LogoutConfigurer.logoutSuccessUrl(String) and the LogoutConfigurer.logoutUrl(String) for every user.

PERSON_MAPPER_CLASS - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

policy(String) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.PermissionsPolicyConfig

Sets the policy to be used in the response header.

policy(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec

Sets the policy to be used in the response header.

policy(CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginEmbedderPolicyConfig

Sets the policy to be used in the Cross-Origin-Embedder-Policy header

policy(CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginOpenerPolicyConfig

Sets the policy to be used in the Cross-Origin-Opener-Policy header

policy(CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginResourcePolicyConfig

Sets the policy to be used in the Cross-Origin-Resource-Policy header

policy(ReferrerPolicyHeaderWriter.ReferrerPolicy) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ReferrerPolicyConfig

Sets the policy to be used in the response header.

policy(CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec

Sets the value to be used in the `Cross-Origin-Embedder-Policy` header

policy(CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec

Sets the value to be used in the `Cross-Origin-Opener-Policy` header

policy(CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec

Sets the value to be used in the `Cross-Origin-Resource-Policy` header

policy(ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec

Sets the policy to be used in the response header.

policyDirectives(String) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentSecurityPolicyConfig

Sets the security policy directive(s) to be used in the response header.

policyDirectives(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec

Sets the security policy directive(s) to be used in the response header.

port(int) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder

The port to connect to LDAP to (the default is 33389 or random available port if unavailable).

PORT_MAPPING - Static variable in class org.springframework.security.config.Elements

PORT_MAPPINGS - Static variable in class org.springframework.security.config.Elements

portMapper() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows configuring a PortMapper that is available from AbstractConfiguredSecurityBuilder.getSharedObject(Class).

portMapper(Customizer<PortMapperConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows configuring a PortMapper that is available from AbstractConfiguredSecurityBuilder.getSharedObject(Class).

portMapper(PortMapper) - Method in class org.springframework.security.config.annotation.web.configurers.PortMapperConfigurer

Allows specifying the PortMapper instance.

portMapper(PortMapper) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec

Configures a custom HTTPS port to redirect to

PortMapperConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Allows configuring a shared PortMapper instance used to determine the ports when redirecting between HTTP and HTTPS.

PortMapperConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.PortMapperConfigurer

Creates a new instance

PortMapperConfigurer.HttpPortMapping - Class in org.springframework.security.config.annotation.web.configurers

Allows specifying the HTTPS port for a given HTTP port when redirecting between HTTP and HTTPS.

POST_INVOCATION_ADVICE - Static variable in class org.springframework.security.config.Elements

PostAuthorizeAuthorizationMethodInterceptor() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor

postBuildAction(Runnable) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity

Executes the Runnable immediately after the build takes place

postProcess(O) - Method in interface org.springframework.security.config.annotation.ObjectPostProcessor

Initialize the object possibly returning a modified instance that should be used instead.

postProcess(P) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Performs post processing of an object.

postProcess(T) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter

Performs post processing of an object.

postProcessBeanDefinitionRegistry(BeanDefinitionRegistry) - Method in class org.springframework.security.config.debug.SecurityDebugBeanFactoryPostProcessor

postProcessBeanFactory(ConfigurableListableBeanFactory) - Method in class org.springframework.security.config.crypto.RsaKeyConversionServicePostProcessor

postProcessBeanFactory(ConfigurableListableBeanFactory) - Method in class org.springframework.security.config.debug.SecurityDebugBeanFactoryPostProcessor

postProcessBeanFactory(ConfigurableListableBeanFactory) - Method in class org.springframework.security.config.ldap.ContextSourceSettingPostProcessor

PRE_INVOCATION_ADVICE - Static variable in class org.springframework.security.config.Elements

PreAuthorizeAuthorizationMethodInterceptor() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor

preInvocationAuthorizationAdvice() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

Creates the PreInvocationAuthorizationAdvice to be used.

preload(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig

If true, preload will be included in HSTS Header.

preload(boolean) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec

Configures if preload should be included.

prePostEnabled() - Method in annotation type org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity

Determines if Spring Security's pre post annotations should be enabled.

prePostEnabled() - Method in annotation type org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity

Determines if Spring Security's PreAuthorize, PostAuthorize, PreFilter, and PostFilter annotations should be enabled.

principal(Object) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer

Sets the principal for Authentication objects of anonymous users

principal(Object) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec

Sets the principal for Authentication objects of anonymous users

principalExtractor(X509PrincipalExtractor) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec

privilegeEvaluator() - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration

Creates the WebInvocationPrivilegeEvaluator that is necessary to evaluate privileges for a given web URI

privilegeEvaluator(WebInvocationPrivilegeEvaluator) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity

Set the WebInvocationPrivilegeEvaluator to be used.

PROTECT - Static variable in class org.springframework.security.config.Elements

PROTECT_POINTCUT - Static variable in class org.springframework.security.config.Elements

ProviderManagerBuilder<B extends ProviderManagerBuilder<B>> - Interface in org.springframework.security.config.annotation.authentication

Interface for operating on a SecurityBuilder that creates a ProviderManager

proxyTargetClass() - Method in annotation type org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity

Indicate whether subclass-based (CGLIB) proxies are to be created (true) as opposed to standard Java interface-based proxies (false).

proxyTargetClass() - Method in annotation type org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity

Indicate whether subclass-based (CGLIB) proxies are to be created as opposed to standard Java interface-based proxies.

proxyTargetClass() - Method in annotation type org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity

Indicate whether subclass-based (CGLIB) proxies are to be created as opposed to standard Java interface-based proxies.

publicKey(RSAPublicKey) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec

Configures a ReactiveJwtDecoder that leverages the provided RSAPublicKey

R

ReactiveUserDetailsServiceResourceFactoryBean - Class in org.springframework.security.config.core.userdetails

Constructs an MapReactiveUserDetailsService from a resource using UserDetailsResourceFactoryBean.

ReactiveUserDetailsServiceResourceFactoryBean() - Constructor for class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean

REACTOR_CONTEXT - org.springframework.security.config.web.server.SecurityWebFiltersOrder

ReactorContextWebFilter

realmName(String) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer

Allows easily changing the realm, but leaving the remaining defaults in place.

redirectionEndpoint() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

Returns the OAuth2LoginConfigurer.RedirectionEndpointConfig for configuring the Client's Redirection Endpoint.

redirectionEndpoint(Customizer<OAuth2LoginConfigurer.RedirectionEndpointConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

Configures the Client's Redirection Endpoint.

redirectStrategy(RedirectStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry

Sets the RedirectStrategy instances to use in RetryWithHttpEntryPoint and RetryWithHttpsEntryPoint

redirectToHttps() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures HTTPS redirection rules.

redirectToHttps(Customizer<ServerHttpSecurity.HttpsRedirectSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures HTTPS redirection rules.

referrerPolicy() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Allows configuration for Referrer Policy.

referrerPolicy() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures Referrer-Policy response header.

referrerPolicy(Customizer<HeadersConfigurer.ReferrerPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Allows configuration for Referrer Policy.

referrerPolicy(Customizer<ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures Referrer-Policy response header.

referrerPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Allows configuration for Referrer Policy.

referrerPolicy(ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures Referrer-Policy response header.

regex - org.springframework.security.config.http.MatcherType

regexMatcher(String) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows configuring the HttpSecurity to only be invoked when matching the provided regex pattern.

regexMatchers(String...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry

Create a List of RegexRequestMatcher instances that do not specify an HttpMethod.

regexMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry

Maps a List of RegexRequestMatcher instances.

registerAuthenticationEntryPoint(B, AuthenticationEntryPoint) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

registerDefaultAuthenticationEntryPoint(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

registerMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry

Subclasses should implement this method for returning the object that is chained to the creation of the ServerWebExchangeMatcher instances.

registerMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec

registerStompEndpoints(StompEndpointRegistry) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

RELYING_PARTY_REGISTRATIONS - Static variable in class org.springframework.security.config.Elements

relyingPartyRegistrationRepository(RelyingPartyRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer

Sets the RelyingPartyRegistrationRepository of relying parties, each party representing a service provider, SP and this host, and identity provider, IDP pair that communicate with each other.

relyingPartyRegistrationRepository(RelyingPartyRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer

Sets the RelyingPartyRegistrationRepository of relying parties, each party representing a service provider, SP and this host, and identity provider, IDP pair that communicate with each other.

RelyingPartyRegistrationsBeanDefinitionParser - Class in org.springframework.security.config.saml2

RelyingPartyRegistrationsBeanDefinitionParser() - Constructor for class org.springframework.security.config.saml2.RelyingPartyRegistrationsBeanDefinitionParser

REMEMBER_ME - Static variable in class org.springframework.security.config.Elements

rememberMe() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows configuring of Remember Me authentication.

rememberMe() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl

Specify that URLs are allowed by users that have been remembered.

rememberMe() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint

Specify that Messages are allowed by users that have been remembered.

rememberMe(Customizer<RememberMeConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows configuring of Remember Me authentication.

RememberMeConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Configures Remember Me authentication.

RememberMeConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer

Creates a new instance

rememberMeCookieDomain(String) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer

The domain name within which the remember me cookie is visible.

rememberMeCookieName(String) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer

The name of cookie which store the token for remember me authentication.

rememberMeParameter(String) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer

The HTTP parameter used to indicate to remember the user at time of login.

rememberMeServices(RememberMeServices) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer

Specify the RememberMeServices to use.

removeConfigurer(Class<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Removes and returns the SecurityConfigurer by its class name or null if not found.

removeConfigurer(Class<C>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder

Removes the SecurityConfigurer by its class name or null if not found.

removeConfigurers(Class<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Removes all the SecurityConfigurer instances by its class name or an empty List if not found.

reportOnly() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentSecurityPolicyConfig

Enables (includes) the Content-Security-Policy-Report-Only header in the response.

reportOnly(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig

If true, the browser should not terminate the connection with the server.

reportOnly(boolean) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec

Whether to include the Content-Security-Policy-Report-Only header in the response.

reportUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig

Sets the URI to which the browser should report pin validation failures.

reportUri(URI) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig

Sets the URI to which the browser should report pin validation failures.

REQUEST_CACHE - Static variable in class org.springframework.security.config.Elements

requestCache() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows configuring the Request Cache.

requestCache() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures the request cache which is used when a flow is interrupted (i.e.

requestCache(Customizer<RequestCacheConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows configuring the Request Cache.

requestCache(Customizer<ServerHttpSecurity.RequestCacheSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures the request cache which is used when a flow is interrupted (i.e.

requestCache(RequestCache) - Method in class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer

Allows explicit configuration of the RequestCache to be used.

requestCache(ServerRequestCache) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.RequestCacheSpec

Configures the cache used

RequestCacheConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Adds request cache for Spring Security.

RequestCacheConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer

requestDataValueProcessor() - Method in class org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration

Deprecated.

requestMatcher(RequestMatcher) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows configuring the HttpSecurity to only be invoked when matching the provided RequestMatcher.

requestMatcher(RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig

Sets the RequestMatcher used to determine if the "Strict-Transport-Security" should be added.

requestMatchers - Variable in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.RequiresChannelUrl

requestMatchers() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows specifying which HttpServletRequest instances this HttpSecurity will be invoked on.

requestMatchers(Customizer<HttpSecurity.RequestMatcherConfigurer>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows specifying which HttpServletRequest instances this HttpSecurity will be invoked on.

requestMatchers(RequestMatcher...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry

Associates a list of RequestMatcher instances with the AbstractConfigAttributeRequestMatcherRegistry

requestRejectedHandler(RequestRejectedHandler) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity

Sets the handler to handle RequestRejectedException

requireCsrfProtectionMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec

Configures the ServerWebExchangeMatcher used to determine when CSRF protection is enabled.

requireCsrfProtectionMatcher(RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer

Specify the RequestMatcher to use for determining when CSRF should be applied.

required(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer.AttributeExchangeConfigurer.AttributeConfigurer

Deprecated.

Specifies that this attribute is required.

requireExplicitSave(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.SecurityContextConfigurer

requires(String) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.RequiresChannelUrl

requiresAuthenticationMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec

Configures when authentication is performed.

requiresChannel() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configures channel security.

requiresChannel(Customizer<ChannelSecurityConfigurer.ChannelRequestMatcherRegistry>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configures channel security.

requiresInsecure() - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.RequiresChannelUrl

requiresLogout(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec

Configures when the log out will be triggered.

requiresSecure() - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.RequiresChannelUrl

rolePrefix(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

A non-empty string prefix that will be added as a prefix to the existing roles.

rolePrefix(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer

A non-empty string prefix that will be added to role strings loaded from persistent storage (default is "").

rolePrefix(String) - Method in class org.springframework.security.config.annotation.web.configurers.ServletApiConfigurer

roles(String...) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder

Populates the roles.

root(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder

Optional root suffix for the embedded LDAP server.

route(String) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec

RsaKeyConversionServicePostProcessor - Class in org.springframework.security.config.crypto

Adds RsaKeyConverters to the configured ConversionService or PropertyEditors

RsaKeyConversionServicePostProcessor() - Constructor for class org.springframework.security.config.crypto.RsaKeyConversionServicePostProcessor

RSocketSecurity - Class in org.springframework.security.config.annotation.rsocket

Allows configuring RSocket based security.

RSocketSecurity() - Constructor for class org.springframework.security.config.annotation.rsocket.RSocketSecurity

RSocketSecurity.AuthorizePayloadsSpec - Class in org.springframework.security.config.annotation.rsocket

RSocketSecurity.AuthorizePayloadsSpec.Access - Class in org.springframework.security.config.annotation.rsocket

RSocketSecurity.BasicAuthenticationSpec - Class in org.springframework.security.config.annotation.rsocket

RSocketSecurity.JwtSpec - Class in org.springframework.security.config.annotation.rsocket

RSocketSecurity.SimpleAuthenticationSpec - Class in org.springframework.security.config.annotation.rsocket

runAsManager() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

Provide a custom RunAsManager for the default implementation of GlobalMethodSecurityConfiguration.methodSecurityInterceptor(MethodSecurityMetadataSource).

S

sameOrigin() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig

Specify to allow any request that comes from the same origin to frame this application.

sameOriginDisabled() - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

Determines if a CSRF token is required for connecting.

SAML2_LOGIN - Static variable in class org.springframework.security.config.Elements

SAML2_LOGOUT - Static variable in class org.springframework.security.config.Elements

saml2Login() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configures authentication support using an SAML 2.0 Service Provider.

saml2Login(Customizer<Saml2LoginConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configures authentication support using an SAML 2.0 Service Provider.

Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>> - Class in org.springframework.security.config.annotation.web.configurers.saml2

An AbstractHttpConfigurer for SAML 2.0 Login, which leverages the SAML 2.0 Web Browser Single Sign On (WebSSO) Flow.

Saml2LoginConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer

saml2Logout() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configures logout support for an SAML 2.0 Relying Party.

saml2Logout(Customizer<Saml2LogoutConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configures logout support for an SAML 2.0 Relying Party.

Saml2LogoutConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers.saml2

Adds SAML 2.0 logout support.

Saml2LogoutConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer

Creates a new instance

Saml2LogoutConfigurer.LogoutRequestConfigurer - Class in org.springframework.security.config.annotation.web.configurers.saml2

A configurer for SAML 2.0 LogoutRequest components

Saml2LogoutConfigurer.LogoutResponseConfigurer - Class in org.springframework.security.config.annotation.web.configurers.saml2

securedEnabled() - Method in annotation type org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity

Determines if Spring Security's Secured annotations should be enabled.

securedEnabled() - Method in annotation type org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity

Determines if Spring Security's Secured annotation should be enabled.

SECURITY_CONTEXT_SERVER_WEB_EXCHANGE - org.springframework.security.config.web.server.SecurityWebFiltersOrder

SecurityContextServerWebExchangeWebFilter

SecurityBuilder<O> - Interface in org.springframework.security.config.annotation

Interface for building an Object

SecurityConfigurer<O,B extends SecurityBuilder<O>> - Interface in org.springframework.security.config.annotation

Allows for configuring a SecurityBuilder.

SecurityConfigurerAdapter<O,B extends SecurityBuilder<O>> - Class in org.springframework.security.config.annotation

A base class for SecurityConfigurer that allows subclasses to only implement the methods they are interested in.

SecurityConfigurerAdapter() - Constructor for class org.springframework.security.config.annotation.SecurityConfigurerAdapter

securityContext() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Sets up management of the SecurityContext on the SecurityContextHolder between HttpServletRequest's.

securityContext(Customizer<SecurityContextConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Sets up management of the SecurityContext on the SecurityContextHolder between HttpServletRequest's.

securityContextChannelInterceptor() - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

SecurityContextConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Allows persisting and restoring of the SecurityContext found on the SecurityContextHolder for each request by configuring the SecurityContextPersistenceFilter.

SecurityContextConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.SecurityContextConfigurer

Creates a new instance

securityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

securityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.config.annotation.web.configurers.SecurityContextConfigurer

Specifies the shared SecurityContextRepository that is to be used

securityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec

The ServerSecurityContextRepository used to save the Authentication.

securityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec

The ServerSecurityContextRepository used to save the Authentication.

securityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec

The ServerSecurityContextRepository used to save the Authentication.

securityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

The strategy used with ReactorContextWebFilter.

SecurityDebugBeanFactoryPostProcessor - Class in org.springframework.security.config.debug

SecurityDebugBeanFactoryPostProcessor() - Constructor for class org.springframework.security.config.debug.SecurityDebugBeanFactoryPostProcessor

securityInterceptor(FilterSecurityInterceptor) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity

Deprecated.

Use WebSecurity.privilegeEvaluator(WebInvocationPrivilegeEvaluator) instead

securityMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

The ServerExchangeMatcher that determines which requests apply to this HttpSecurity instance.

SecurityNamespaceHandler - Class in org.springframework.security.config

Parses elements from the "security" namespace (http://www.springframework.org/schema/security).

SecurityNamespaceHandler() - Constructor for class org.springframework.security.config.SecurityNamespaceHandler

SecurityWebFiltersOrder - Enum in org.springframework.security.config.web.server

SERVER_REQUEST_CACHE - org.springframework.security.config.web.server.SecurityWebFiltersOrder

ServerRequestCacheWebFilter

ServerHttpSecurity - Class in org.springframework.security.config.web.server

A ServerHttpSecurity is similar to Spring Security's HttpSecurity but for WebFlux.

ServerHttpSecurity() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity

ServerHttpSecurity.AnonymousSpec - Class in org.springframework.security.config.web.server

Configures anonymous authentication

ServerHttpSecurity.AuthorizeExchangeSpec - Class in org.springframework.security.config.web.server

Configures authorization

ServerHttpSecurity.AuthorizeExchangeSpec.Access - Class in org.springframework.security.config.web.server

Configures the access for a particular set of exchanges.

ServerHttpSecurity.CorsSpec - Class in org.springframework.security.config.web.server

Configures CORS support within Spring Security.

ServerHttpSecurity.CsrfSpec - Class in org.springframework.security.config.web.server

Configures CSRF Protection

ServerHttpSecurity.ExceptionHandlingSpec - Class in org.springframework.security.config.web.server

Configures exception handling

ServerHttpSecurity.FormLoginSpec - Class in org.springframework.security.config.web.server

Configures Form Based authentication

ServerHttpSecurity.HeaderSpec - Class in org.springframework.security.config.web.server

Configures HTTP Response Headers.

ServerHttpSecurity.HeaderSpec.CacheSpec - Class in org.springframework.security.config.web.server

Configures cache control headers

ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec - Class in org.springframework.security.config.web.server

Configures Content-Security-Policy response header.

ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec - Class in org.springframework.security.config.web.server

The content type headers

ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec - Class in org.springframework.security.config.web.server

Configures the Cross-Origin-Embedder-Policy header

ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec - Class in org.springframework.security.config.web.server

Configures the Cross-Origin-Opener-Policy header

ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec - Class in org.springframework.security.config.web.server

Configures the Cross-Origin-Resource-Policy header

ServerHttpSecurity.HeaderSpec.FeaturePolicySpec - Class in org.springframework.security.config.web.server

Configures Feature-Policy response header.

ServerHttpSecurity.HeaderSpec.FrameOptionsSpec - Class in org.springframework.security.config.web.server

Configures frame options response header

ServerHttpSecurity.HeaderSpec.HstsSpec - Class in org.springframework.security.config.web.server

Configures Strict Transport Security response header

ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec - Class in org.springframework.security.config.web.server

Configures Permissions-Policy response header.

ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec - Class in org.springframework.security.config.web.server

Configures Referrer-Policy response header.

ServerHttpSecurity.HeaderSpec.XssProtectionSpec - Class in org.springframework.security.config.web.server

Configures x-xss-protection response header

ServerHttpSecurity.HttpBasicSpec - Class in org.springframework.security.config.web.server

Configures HTTP Basic Authentication

ServerHttpSecurity.HttpsRedirectSpec - Class in org.springframework.security.config.web.server

Configures HTTPS redirection rules

ServerHttpSecurity.LogoutSpec - Class in org.springframework.security.config.web.server

Configures log out

ServerHttpSecurity.OAuth2ClientSpec - Class in org.springframework.security.config.web.server

ServerHttpSecurity.OAuth2LoginSpec - Class in org.springframework.security.config.web.server

ServerHttpSecurity.OAuth2ResourceServerSpec - Class in org.springframework.security.config.web.server

Configures OAuth2 Resource Server Support

ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec - Class in org.springframework.security.config.web.server

Configures JWT Resource Server Support

ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec - Class in org.springframework.security.config.web.server

Configures Opaque Token Resource Server support

ServerHttpSecurity.PasswordManagementSpec - Class in org.springframework.security.config.web.server

Configures password management.

ServerHttpSecurity.RequestCacheSpec - Class in org.springframework.security.config.web.server

Configures the request cache which is used when a flow is interrupted (i.e.

ServerHttpSecurity.X509Spec - Class in org.springframework.security.config.web.server

Configures X509 authentication

servletApi() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Integrates the HttpServletRequest methods with the values found on the SecurityContext.

servletApi(Customizer<ServletApiConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Integrates the HttpServletRequest methods with the values found on the SecurityContext.

ServletApiConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Implements select methods from the HttpServletRequest using the SecurityContext from the SecurityContextHolder.

ServletApiConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.ServletApiConfigurer

Creates a new instance

servletPath(String) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity.MvcMatchersRequestMatcherConfigurer

servletPath(String) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity.MvcMatchersIgnoredRequestConfigurer

servletPath(String) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.MvcMatchersAuthorizedUrl

Configures servletPath to MvcRequestMatchers.

servletPath(String) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.MvcMatchersRequiresChannelUrl

servletPath(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.MvcMatchersAuthorizedUrl

servletPath(String) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.MvcMatchersAuthorizedUrl

SESSION_MANAGEMENT - Static variable in class org.springframework.security.config.Elements

sessionAuthenticationErrorUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer

Defines the URL of the error page which should be shown when the SessionAuthenticationStrategy raises an exception.

sessionAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer

Defines the AuthenticationFailureHandler which will be used when the SessionAuthenticationStrategy raises an exception.

sessionAuthenticationStrategy(SessionAuthenticationStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer

Specify the SessionAuthenticationStrategy to use.

sessionAuthenticationStrategy(SessionAuthenticationStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer

Allows explicitly specifying the SessionAuthenticationStrategy.

sessionConcurrency(Customizer<SessionManagementConfigurer.ConcurrencyControlConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer

Controls the maximum number of sessions for a user.

sessionCreationPolicy(SessionCreationPolicy) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer

Allows specifying the SessionCreationPolicy

SessionCreationPolicy - Enum in org.springframework.security.config.http

Specifies the various session creation policies for Spring Security.

sessionFixation() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer

Allows changing the default SessionFixationProtectionStrategy.

sessionFixation(Customizer<SessionManagementConfigurer.SessionFixationConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer

Allows configuring session fixation protection.

SessionFixationConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer

sessionManagement() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows configuring of Session Management.

sessionManagement(Customizer<SessionManagementConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Allows configuring of Session Management.

SessionManagementConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Allows configuring session management.

SessionManagementConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer

Creates a new instance

SessionManagementConfigurer.ConcurrencyControlConfigurer - Class in org.springframework.security.config.annotation.web.configurers

Allows configuring controlling of multiple sessions.

SessionManagementConfigurer.SessionFixationConfigurer - Class in org.springframework.security.config.annotation.web.configurers

Allows configuring SessionFixation protection

sessionRegistry(SessionRegistry) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer

Controls the SessionRegistry implementation used.

setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration

setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity

setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry

setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity

setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

Deprecated.

setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.http.UserDetailsServiceFactoryBean

setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean

setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor

setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.MethodSecurityExpressionHandlerBean

setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

setAuthenticationConfiguration(AuthenticationConfiguration) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

Deprecated.

setAuthenticationFilter(F) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Sets the Authentication Filter

setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory

Sets the GrantedAuthoritiesMapper used for converting the authorities loaded from storage to a new set of authorities which will be associated to the UsernamePasswordAuthenticationToken.

setBeanClassLoader(ClassLoader) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration

setBeanFactory(BeanFactory) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

setBeanFactory(BeanFactory) - Method in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean

setBuilder(B) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter

Sets the SecurityBuilder to be used.

setContentNegotationStrategy(ContentNegotiationStrategy) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

Deprecated.

setContextSource(BaseLdapPathContextSource) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory

Sets the BaseLdapPathContextSource used to perform LDAP authentication.

setDefaultNameRequired(boolean) - Method in class org.springframework.security.config.ldap.ContextSourceSettingPostProcessor

setExpressionHandler(MethodSecurityExpressionHandler) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor

setExpressionHandler(MethodSecurityExpressionHandler) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor

setFilterChainProxySecurityConfigurer(ObjectPostProcessor<Object>, ConfigurableListableBeanFactory) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration

Sets the <SecurityConfigurer<FilterChainProxy, WebSecurityBuilder> instances used to create the web configuration.

setGlobalAuthenticationConfigurers(List<GlobalAuthenticationConfigurerAdapter>) - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration

setImportMetadata(AnnotationMetadata) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

Obtains the attributes from EnableGlobalMethodSecurity if this class was imported using the EnableGlobalMethodSecurity annotation.

setImportMetadata(AnnotationMetadata) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration

setLdapAuthoritiesPopulator(LdapAuthoritiesPopulator) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory

Sets the LdapAuthoritiesPopulator used to obtain a list of granted authorities for an LDAP user.

setLdif(String) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean

Specifies an LDIF to load at startup for an embedded LDAP server.

setManagerDn(String) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean

Username (DN) of the "manager" user identity (i.e.

setManagerPassword(String) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean

The password for the manager DN.

setMessageExpessionHandler(List<SecurityExpressionHandler<Message<Object>>>) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

Deprecated.

setMessageExpressionHandler(List<SecurityExpressionHandler<Message<Object>>>) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

setMethodSecurityExpressionHandler(List<MethodSecurityExpressionHandler>) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

setObjectPostProcessor(ObjectPostProcessor<Object>) - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration

setObjectPostProcessor(ObjectPostProcessor<Object>) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

setObjectPostProcessor(ObjectPostProcessor<Object>) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

Deprecated.

setObjectPostProcessor(ObjectPostProcessor<Object>) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer

setPasswordAttribute(String) - Method in class org.springframework.security.config.ldap.LdapPasswordComparisonAuthenticationManagerFactory

The attribute in the directory which contains the user password.

setPasswordEncoder(PasswordEncoder) - Method in class org.springframework.security.config.ldap.LdapPasswordComparisonAuthenticationManagerFactory

Specifies the PasswordEncoder to be used when authenticating with password comparison.

setPort(int) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean

The port to connect to LDAP to (the default is 33389 or random available port if unavailable).

setResource(Resource) - Method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean

Sets a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.

setResource(Resource) - Method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean

Sets a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.

setResource(Resource) - Method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean

Sets a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.

setResourceLoader(ResourceLoader) - Method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean

setResourceLoader(ResourceLoader) - Method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean

setResourceLoader(ResourceLoader) - Method in class org.springframework.security.config.crypto.RsaKeyConversionServicePostProcessor

setResourceLoader(ResourceLoader) - Method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean

setResourceLocation(String) - Method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean

Sets the location of a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.

setResourceLocation(String) - Method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean

Sets the location of a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.

setResourceLocation(String) - Method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean

Sets the location of a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.

setRoot(String) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean

Optional root suffix for the embedded LDAP server.

setServletContext(ServletContext) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity

setSharedObject(Class<C>, C) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder

Sets an object that is shared by multiple SecurityConfigurer.

setSharedObject(Class<C>, C) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

setSharedObject(Class<C>, C) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder

Sets an object that is shared by multiple SecurityConfigurer.

setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

Deprecated.

setup() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec

setUserDetailsContextMapper(UserDetailsContextMapper) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory

Sets a custom strategy to be used for creating the UserDetails which will be stored as the principal in the Authentication.

setUserDnPatterns(String...) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory

If your users are at a fixed location in the directory (i.e.

setUserSearchBase(String) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory

Search base for user searches.

setUserSearchFilter(String) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory

The LDAP filter used to search for users (optional).

shouldFilterAllDispatcherTypes(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry

Sets whether all dispatcher types should be filtered.

simpDestMatchers(String...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry

Maps a List of SimpDestinationMessageMatcher instances without regard to the SimpMessageType.

simpDestPathMatcher(PathMatcher) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry

The PathMatcher to be used with the MessageSecurityMetadataSourceRegistry.simpDestMatchers(String...).

simpleAuthentication(Customizer<RSocketSecurity.SimpleAuthenticationSpec>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity

Adds support for validating a username and password using Simple Authentication

simpMessageDestMatchers(String...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry

Maps a List of SimpDestinationMessageMatcher instances that match on SimpMessageType.MESSAGE.

simpSubscribeDestMatchers(String...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry

Maps a List of SimpDestinationMessageMatcher instances that match on SimpMessageType.SUBSCRIBE.

simpTypeMatchers(SimpMessageType...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry

Maps a List of SimpDestinationMessageMatcher instances.

SPRING_SECURITY_FILTER_CHAIN - Static variable in class org.springframework.security.config.BeanIds

External alias for FilterChainProxy bean, for use in web.xml files

springSecurityFilterChain() - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration

Creates the Spring Security Filter Chain

STATELESS - org.springframework.security.config.http.SessionCreationPolicy

Spring Security will never create an HttpSession and it will never use it to obtain the SecurityContext

subjectPrincipalRegex(String) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer

Specifies the regex to extract the principal from the certificate.

successForwardUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer

Forward Authentication Success Handler

successHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Specifies the AuthenticationSuccessHandler to be used.

supports(Class<?>) - Method in class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider

T

tokenEndpoint() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

Returns the OAuth2LoginConfigurer.TokenEndpointConfig for configuring the Authorization Server's Token Endpoint.

tokenEndpoint(Customizer<OAuth2LoginConfigurer.TokenEndpointConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

Configures the Authorization Server's Token Endpoint.

tokenFromMultipartDataEnabled(boolean) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec

Specifies if CsrfWebFilter should try to resolve the actual CSRF token from the body of multipart data requests.

tokenRepository(PersistentTokenRepository) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer

Specifies the PersistentTokenRepository to use.

tokenValiditySeconds(int) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer

Allows specifying how long (in seconds) a token is valid for

type(String) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer.AttributeExchangeConfigurer.AttributeConfigurer

Deprecated.

The OpenID attribute type.

U

updateAccessDefaults(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Updates the default values for access.

updateAuthenticationDefaults() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer

Updates the default values for authentication.

url(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder

Specifies the ldap server URL when not using the embedded LDAP server.

UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Adds URL based authorization using DefaultFilterInvocationSecurityMetadataSource.

UrlAuthorizationConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer

UrlAuthorizationConfigurer.AuthorizedUrl - Class in org.springframework.security.config.annotation.web.configurers

Maps the specified RequestMatcher instances to ConfigAttribute instances.

UrlAuthorizationConfigurer.MvcMatchersAuthorizedUrl - Class in org.springframework.security.config.annotation.web.configurers

An UrlAuthorizationConfigurer.AuthorizedUrl that allows optionally configuring the MvcRequestMatcher.setMethod(HttpMethod)

UrlAuthorizationConfigurer.StandardInterceptUrlRegistry - Class in org.springframework.security.config.annotation.web.configurers

USER_DETAILS_SERVICE - Static variable in class org.springframework.security.config.BeanIds

USER_DETAILS_SERVICE_FACTORY - Static variable in class org.springframework.security.config.BeanIds

USER_SERVICE - Static variable in class org.springframework.security.config.Elements

userAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig

Sets the GrantedAuthoritiesMapper used for mapping OAuth2AuthenticatedPrincipal.getAuthorities().

userCache(UserCache) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer

Defines the UserCache to use

UserDetailsAwareConfigurer<B extends ProviderManagerBuilder<B>,U extends org.springframework.security.core.userdetails.UserDetailsService> - Class in org.springframework.security.config.annotation.authentication.configurers.userdetails

Base class that allows access to the UserDetailsService for using as a default value with AuthenticationManagerBuilder.

UserDetailsAwareConfigurer() - Constructor for class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsAwareConfigurer

userDetailsContextMapper(UserDetailsContextMapper) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

Allows explicit customization of the loaded user object by specifying a UserDetailsContextMapper bean which will be called with the context information from the user's directory entry.

UserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>,C extends UserDetailsManagerConfigurer<B,C>> - Class in org.springframework.security.config.annotation.authentication.configurers.provisioning

Base class for populating an AuthenticationManagerBuilder with a UserDetailsManager.

UserDetailsManagerConfigurer(UserDetailsManager) - Constructor for class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer

UserDetailsManagerConfigurer.UserDetailsBuilder - Class in org.springframework.security.config.annotation.authentication.configurers.provisioning

Builds the user to be added.

UserDetailsManagerResourceFactoryBean - Class in org.springframework.security.config.provisioning

Constructs an InMemoryUserDetailsManager from a resource using UserDetailsResourceFactoryBean.

UserDetailsManagerResourceFactoryBean() - Constructor for class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean

UserDetailsMapFactoryBean - Class in org.springframework.security.config.core.userdetails

Creates a Collection<UserDetails> from a @{code Map} in the format of

UserDetailsMapFactoryBean(Map<String, String>) - Constructor for class org.springframework.security.config.core.userdetails.UserDetailsMapFactoryBean

userDetailsPasswordManager(UserDetailsPasswordService) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer

UserDetailsResourceFactoryBean - Class in org.springframework.security.config.core.userdetails

Parses a Resource that is a Properties file in the format of: username=password[,enabled|disabled],roles...

UserDetailsResourceFactoryBean() - Constructor for class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean

userDetailsService() - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

Deprecated.

Allows modifying and accessing the UserDetailsService from WebSecurityConfigurerAdapter.userDetailsServiceBean() without interacting with the ApplicationContext.

userDetailsService(UserDetailsService) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

userDetailsService(UserDetailsService) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer

Specifies the UserDetailsService used to look up the UserDetails when a remember me token is valid.

userDetailsService(UserDetailsService) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer

Shortcut for invoking X509Configurer.authenticationUserDetailsService(AuthenticationUserDetailsService) with a UserDetailsByNameServiceWrapper.

userDetailsService(UserDetailsService) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder

Allows adding an additional UserDetailsService to be used

userDetailsService(T) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder

Add authentication based upon the custom UserDetailsService that is passed in.

userDetailsServiceBean() - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

Deprecated.

Override this method to expose a UserDetailsService created from WebSecurityConfigurerAdapter.configure(AuthenticationManagerBuilder) as a bean.

UserDetailsServiceConfigurer<B extends ProviderManagerBuilder<B>,C extends UserDetailsServiceConfigurer<B,C,U>,U extends org.springframework.security.core.userdetails.UserDetailsService> - Class in org.springframework.security.config.annotation.authentication.configurers.userdetails

Allows configuring a UserDetailsService within a AuthenticationManagerBuilder.

UserDetailsServiceConfigurer(U) - Constructor for class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsServiceConfigurer

Creates a new instance

UserDetailsServiceFactoryBean - Class in org.springframework.security.config.http

Bean used to lookup a named UserDetailsService or AuthenticationUserDetailsService.

UserDetailsServiceFactoryBean() - Constructor for class org.springframework.security.config.http.UserDetailsServiceFactoryBean

userDnPatterns(String...) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

If your users are at a fixed location in the directory (i.e.

userInfoEndpoint() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

Returns the OAuth2LoginConfigurer.UserInfoEndpointConfig for configuring the Authorization Server's UserInfo Endpoint.

userInfoEndpoint(Customizer<OAuth2LoginConfigurer.UserInfoEndpointConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer

Configures the Authorization Server's UserInfo Endpoint.

usernameParameter(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer

The HTTP parameter to look for the username when performing authentication.

usersByUsernameQuery(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer

Sets the query to be used for finding a user by their username.

userSearchBase(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

Search base for user searches.

userSearchFilter(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

The LDAP filter used to search for users (optional).

userService(OAuth2UserService<OAuth2UserRequest, OAuth2User>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig

Sets the OAuth 2.0 service used for obtaining the user attributes of the End-User from the UserInfo Endpoint.

UserServiceBeanDefinitionParser - Class in org.springframework.security.config.authentication

UserServiceBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.UserServiceBeanDefinitionParser

useSecureCookie(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer

Whether the cookie should be flagged as secure or not.

V

validate(FilterChainProxy) - Method in class org.springframework.security.config.http.DefaultFilterChainValidator

valueOf(String) - Static method in enum org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder

Returns the enum constant of this type with the specified name.

valueOf(String) - Static method in enum org.springframework.security.config.http.MatcherType

Returns the enum constant of this type with the specified name.

valueOf(String) - Static method in enum org.springframework.security.config.http.SessionCreationPolicy

Returns the enum constant of this type with the specified name.

valueOf(String) - Static method in enum org.springframework.security.config.oauth2.client.CommonOAuth2Provider

Returns the enum constant of this type with the specified name.

valueOf(String) - Static method in enum org.springframework.security.config.web.server.SecurityWebFiltersOrder

Returns the enum constant of this type with the specified name.

values() - Static method in enum org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder

Returns an array containing the constants of this enum type, in the order they are declared.

values() - Static method in enum org.springframework.security.config.http.MatcherType

Returns an array containing the constants of this enum type, in the order they are declared.

values() - Static method in enum org.springframework.security.config.http.SessionCreationPolicy

Returns an array containing the constants of this enum type, in the order they are declared.

values() - Static method in enum org.springframework.security.config.oauth2.client.CommonOAuth2Provider

Returns an array containing the constants of this enum type, in the order they are declared.

values() - Static method in enum org.springframework.security.config.web.server.SecurityWebFiltersOrder

Returns an array containing the constants of this enum type, in the order they are declared.

W

WebMvcSecurityConfiguration - Class in org.springframework.security.config.annotation.web.servlet.configuration

Deprecated.

This is applied internally using SpringWebMvcImportSelector

WebMvcSecurityConfiguration() - Constructor for class org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration

Deprecated.

WebSecurity - Class in org.springframework.security.config.annotation.web.builders

The WebSecurity is created by WebSecurityConfiguration to create the FilterChainProxy known as the Spring Security Filter Chain (springSecurityFilterChain).

WebSecurity(ObjectPostProcessor<Object>) - Constructor for class org.springframework.security.config.annotation.web.builders.WebSecurity

Creates a new instance

WebSecurity.IgnoredRequestConfigurer - Class in org.springframework.security.config.annotation.web.builders

Allows registering RequestMatcher instances that should be ignored by Spring Security.

WebSecurity.MvcMatchersIgnoredRequestConfigurer - Class in org.springframework.security.config.annotation.web.builders

An WebSecurity.IgnoredRequestConfigurer that allows optionally configuring the MvcRequestMatcher.setMethod(HttpMethod)

WebSecurityConfiguration - Class in org.springframework.security.config.annotation.web.configuration

Uses a WebSecurity to create the FilterChainProxy that performs the web based security for Spring Security.

WebSecurityConfiguration() - Constructor for class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration

WebSecurityConfigurer<T extends SecurityBuilder<javax.servlet.Filter>> - Interface in org.springframework.security.config.annotation.web

Allows customization to the WebSecurity.

WebSecurityConfigurerAdapter - Class in org.springframework.security.config.annotation.web.configuration

Deprecated.

Use a SecurityFilterChain Bean to configure HttpSecurity or a WebSecurityCustomizer Bean to configure WebSecurity.

     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         http
             .authorizeHttpRequests((authz) ->
                 authz.anyRequest().authenticated()
             );
             // ...
         return http.build();
     }

    @Bean
    public WebSecurityCustomizer webSecurityCustomizer() {
        return (web) -> web.ignoring().antMatchers("/resources/**");
    }
 

See the Spring Security without WebSecurityConfigurerAdapter for more details.

WebSecurityConfigurerAdapter() - Constructor for class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

Deprecated.

Creates an instance with the default configuration enabled.

WebSecurityConfigurerAdapter(boolean) - Constructor for class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

Deprecated.

Creates an instance which allows specifying if the default configuration should be enabled.

WebSecurityCustomizer - Interface in org.springframework.security.config.annotation.web.configuration

Callback interface for customizing WebSecurity.

webSecurityExpressionHandler() - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration

WEBSOCKET_MESSAGE_BROKER - Static variable in class org.springframework.security.config.Elements

WebSocketMessageBrokerSecurityBeanDefinitionParser - Class in org.springframework.security.config.websocket

Parses Spring Security's websocket namespace support.

WebSocketMessageBrokerSecurityBeanDefinitionParser() - Constructor for class org.springframework.security.config.websocket.WebSocketMessageBrokerSecurityBeanDefinitionParser

WellKnownChangePasswordBeanDefinitionParser - Class in org.springframework.security.config.http

The bean definition parser for a Well-Known URL for Changing Passwords.

WellKnownChangePasswordBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.WellKnownChangePasswordBeanDefinitionParser

withDefaults() - Static method in interface org.springframework.security.config.Customizer

Returns a Customizer that does not alter the input argument.

withDefaultSchema() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer

Populates the default schema that allows users and authorities to be stored.

withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

Adds an ObjectPostProcessor for this class.

withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer

Adds an ObjectPostProcessor for this class.

withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer

withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry

Adds an ObjectPostProcessor for this class.

withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry

Adds an ObjectPostProcessor for this class.

withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry

Adds an ObjectPostProcessor for this class.

withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry

Adds an ObjectPostProcessor for this class.

withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer

Adds an ObjectPostProcessor for this class.

withPins(Map<String, String>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig

Sets the value for the pin- directive of the Public-Key-Pins header.

withUser(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer

Allows adding a user to the UserDetailsManager that is being created.

withUser(User.UserBuilder) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer

Allows adding a user to the UserDetailsManager that is being created.

withUser(UserDetails) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer

Allows adding a user to the UserDetailsManager that is being created.

writer(ServerHttpHeadersWriter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures custom headers writer

X

x509() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configures X509 based pre authentication.

x509() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures x509 authentication using a certificate provided by a client.

x509(Customizer<X509Configurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configures X509 based pre authentication.

x509(Customizer<ServerHttpSecurity.X509Spec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures x509 authentication using a certificate provided by a client.

X509 - Static variable in class org.springframework.security.config.Elements

x509AuthenticationFilter(X509AuthenticationFilter) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer

Allows specifying the entire X509AuthenticationFilter.

X509Configurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Adds X509 based pre authentication to an application.

X509Configurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.X509Configurer

Creates a new instance

x509PrincipalExtractor(X509PrincipalExtractor) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer

Specifies the X509PrincipalExtractor

xssProtection() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Note this is not comprehensive XSS protection!

xssProtection() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures x-xss-protection response header.

xssProtection(Customizer<HeadersConfigurer.XXssConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Note this is not comprehensive XSS protection!

xssProtection(Customizer<ServerHttpSecurity.HeaderSpec.XssProtectionSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures x-xss-protection response header.

xssProtectionEnabled(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.XXssConfig

If true, the header value will contain a value of 1.

A B C D E F G H I J K L M N O P R S T U V W X
All Classes All Packages