Index (spring-security-config 5.8.2 API)

A B C D E F G H I J K L M N O P R S T U V W X
All Classes All Packages

A

AbstractAuthenticationFilterConfigurer,T extends AbstractAuthenticationFilterConfigurer<B,T,F>,F extends org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter> - Class in org.springframework.security.config.annotation.web.configurers: Base class for configuring AbstractAuthenticationFilterConfigurer.
AbstractAuthenticationFilterConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Creates a new instance with minimal defaults
AbstractAuthenticationFilterConfigurer(F, String) - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Creates a new instance
AbstractConfigAttributeRequestMatcherRegistry<C> - Class in org.springframework.security.config.annotation.web.configurers: A base class for registering RequestMatcher's.
AbstractConfigAttributeRequestMatcherRegistry() - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractConfigAttributeRequestMatcherRegistry
AbstractConfiguredSecurityBuilder<O,B extends SecurityBuilder<O>> - Class in org.springframework.security.config.annotation: A base SecurityBuilder that allows SecurityConfigurer to be applied to it.
AbstractConfiguredSecurityBuilder(ObjectPostProcessor<Object>) - Constructor for class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Creates a new instance with the provided ObjectPostProcessor.
AbstractConfiguredSecurityBuilder(ObjectPostProcessor<Object>, boolean) - Constructor for class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Creates a new instance with the provided ObjectPostProcessor.
AbstractDaoAuthenticationConfigurer,C extends AbstractDaoAuthenticationConfigurer<B,C,U>,U extends org.springframework.security.core.userdetails.UserDetailsService> - Class in org.springframework.security.config.annotation.authentication.configurers.userdetails: Allows configuring a DaoAuthenticationProvider
AbstractHttpConfigurer<T extends AbstractHttpConfigurer<T,B>,B extends HttpSecurityBuilder> - Class in org.springframework.security.config.annotation.web.configurers: Adds a convenient base class for SecurityConfigurer instances that operate on HttpSecurity.
AbstractHttpConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConfigurer<C,H>,H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Deprecated.
Use AuthorizeHttpRequestsConfigurer instead
AbstractInterceptUrlConfigurer.AbstractInterceptUrlRegistry<R extends AbstractInterceptUrlConfigurer.AbstractInterceptUrlRegistry<R,T>,T> - Class in org.springframework.security.config.annotation.web.configurers: Deprecated.
AbstractLdapAuthenticationManagerFactory<T extends org.springframework.security.ldap.authentication.AbstractLdapAuthenticator> - Class in org.springframework.security.config.ldap: Creates an AuthenticationManager that can perform LDAP authentication.
AbstractRequestMatcherRegistry<C> - Class in org.springframework.security.config.annotation.web: A base class for registering RequestMatcher's.
AbstractRequestMatcherRegistry() - Constructor for class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
AbstractSecurityBuilder<O> - Class in org.springframework.security.config.annotation: A base SecurityBuilder that ensures the object being built is only built one time.
AbstractSecurityBuilder() - Constructor for class org.springframework.security.config.annotation.AbstractSecurityBuilder
AbstractSecurityWebSocketMessageBrokerConfigurer - Class in org.springframework.security.config.annotation.web.socket: Deprecated.
Use EnableWebSocketSecurity instead
AbstractSecurityWebSocketMessageBrokerConfigurer() - Constructor for class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer: Deprecated.
AbstractServerWebExchangeMatcherRegistry<T> - Class in org.springframework.security.config.web.server
AbstractUserDetailsServiceBeanDefinitionParser - Class in org.springframework.security.config.authentication
AbstractUserDetailsServiceBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser
access(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl: Deprecated.

Allows specifying that URLs are secured by an arbitrary expression
access(String) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint: Deprecated.

Allows specifying that Messages are secured by an arbitrary expression
access(String...) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl: Deprecated.

Specifies that the user must have the specified ConfigAttribute's
access(AuthorizationManager<RequestAuthorizationContext>) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl: Allows specifying a custom AuthorizationManager.
access(ReactiveAuthorizationManager<PayloadExchangeAuthorizationContext>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
access(ReactiveAuthorizationManager<AuthorizationContext>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access: Allows plugging in a custom authorization strategy
Access() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access
ACCESS_DENIED_HANDLER - Static variable in class org.springframework.security.config.Elements
accessDecisionManager() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.

Allows subclasses to provide a custom AccessDecisionManager.
accessDecisionManager(AccessDecisionManager) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer.AbstractInterceptUrlRegistry: Deprecated.

Allows setting the AccessDecisionManager.
accessDeniedHandler(AccessDeniedHandler) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer: Specifies the AccessDeniedHandler to be used
accessDeniedHandler(AccessDeniedHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
accessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec: Configures the ServerAccessDeniedHandler used when a CSRF token is invalid.
accessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.ExceptionHandlingSpec: Configures what to do when an authenticated user does not hold a required authority
accessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec: Configures the ServerAccessDeniedHandler to use for requests authenticating with Bearer Tokens.
accessDeniedPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer: Shortcut to specify the AccessDeniedHandler to be used is a specific error page
accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer: Sets the client used for requesting the access token credential from the Token Endpoint.
accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.TokenEndpointConfig: Sets the client used for requesting the access token credential from the Token Endpoint.
accountExpired(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder: Defines if the account is expired or not.
accountLocked(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder: Defines if the account is locked or not.
addArgumentResolvers(List<HandlerMethodArgumentResolver>) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer: Deprecated.
addArgumentResolvers(List<HandlerMethodArgumentResolver>) - Method in class org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration: Deprecated.
addFilter(Filter) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
addFilter(Filter) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder: Adds a Filter that must be an instance of or extend one of the Filters provided within the Security framework.
addFilterAfter(Filter, Class<? extends Filter>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
addFilterAfter(Filter, Class<? extends Filter>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder: Allows adding a Filter after one of the known Filter classes.
addFilterAfter(WebFilter, SecurityWebFiltersOrder) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Adds a WebFilter after specific position.
addFilterAt(Filter, Class<? extends Filter>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Adds the Filter at the location of the specified Filter class.
addFilterAt(WebFilter, SecurityWebFiltersOrder) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Adds a WebFilter at a specific position.
addFilterBefore(Filter, Class<? extends Filter>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
addFilterBefore(Filter, Class<? extends Filter>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder: Allows adding a Filter before one of the known Filter classes.
addFilterBefore(WebFilter, SecurityWebFiltersOrder) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Adds a WebFilter before specific position.
addHeaderWriter(HeaderWriter) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Adds a HeaderWriter instance
addLogoutHandler(LogoutHandler) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer: Adds a LogoutHandler.
addObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter: Adds an ObjectPostProcessor to be used for this SecurityConfigurerAdapter.
addPayloadInterceptor(PayloadInterceptor) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity: Adds a PayloadInterceptor to be used.
addSecurityFilterChainBuilder(SecurityBuilder<? extends SecurityFilterChain>) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity: Adds builders to create SecurityFilterChain instances.
addSha256Pins(String...) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig: Deprecated.

Adds a list of SHA256 hashed pins for the pin- directive of the Public-Key-Pins header.
AFTER_INVOCATION_PROVIDER - Static variable in class org.springframework.security.config.Elements
afterInvocationManager() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.

Provide a custom AfterInvocationManager for the default implementation of GlobalMethodSecurityConfiguration.methodSecurityInterceptor(MethodSecurityMetadataSource).
afterSingletonsInstantiated() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.
afterSingletonsInstantiated() - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer: Deprecated.
AlreadyBuiltException - Exception in org.springframework.security.config.annotation: Thrown when AbstractSecurityBuilder.build() is two or more times.
AlreadyBuiltException(String) - Constructor for exception org.springframework.security.config.annotation.AlreadyBuiltException
ALWAYS - org.springframework.security.config.http.SessionCreationPolicy: Always create an HttpSession
alwaysRemember(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer: Whether the cookie should always be created even if the remember-me parameter is not set.
and() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder: Gets the LdapAuthenticationProviderConfigurer for further customizations
and() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.PasswordCompareConfigurer: Allows obtaining a reference to the LdapAuthenticationProviderConfigurer for further customizations
and() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder: Returns the UserDetailsManagerConfigurer for method chaining (i.e.
and() - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter: Return the SecurityBuilder when done using the SecurityConfigurer.
and() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity.RequestMatcherConfigurer: Return the HttpSecurity for further customizations
and() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity.IgnoredRequestConfigurer: Returns the WebSecurity to be returned for chaining.
and() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry: Return the HttpSecurityBuilder when done using the AuthorizeHttpRequestsConfigurer.
and() - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry: Return the SecurityBuilder when done using the SecurityConfigurer.
and() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry: Deprecated.
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CacheControlConfig: Allows completing configuration of Cache Control and continuing configuration of headers.
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentSecurityPolicyConfig: Allows completing configuration of Content Security Policy and continuing configuration of headers.
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentTypeOptionsConfig: Allows customizing the HeadersConfigurer
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginEmbedderPolicyConfig: Allows completing configuration of Cross-Origin-Embedder-Policy and continuing configuration of headers.
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginOpenerPolicyConfig: Allows completing configuration of Cross Origin Opener Policy and continuing configuration of headers.
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginResourcePolicyConfig: Allows completing configuration of Cross-Origin-Resource-Policy and continuing configuration of headers.
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FeaturePolicyConfig: Allows completing configuration of Feature Policy and continuing configuration of headers.
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig: Allows continuing customizing the headers configuration.
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig: Deprecated.

Allows completing configuration of Public Key Pinning and continuing configuration of headers.
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig: Allows completing configuration of Strict Transport Security and continuing configuration of headers.
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.PermissionsPolicyConfig: Allows completing configuration of Permissions Policy and continuing configuration of headers.
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ReferrerPolicyConfig
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.XXssConfig: Allows completing configuration of X-XSS-Protection and continuing configuration of headers.
and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer: Returns the OAuth2ClientConfigurer for further configuration.
and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig: Returns the OAuth2LoginConfigurer for further configuration.
and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.RedirectionEndpointConfig: Returns the OAuth2LoginConfigurer for further configuration.
and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.TokenEndpointConfig: Returns the OAuth2LoginConfigurer for further configuration.
and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig: Returns the OAuth2LoginConfigurer for further configuration.
and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer
and() - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer.AttributeExchangeConfigurer: Deprecated.

Get the OpenIDLoginConfigurer to customize the OpenID configuration further
and() - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer.AttributeExchangeConfigurer.AttributeConfigurer: Deprecated.

Gets the OpenIDLoginConfigurer.AttributeExchangeConfigurer for further customization of the attributes
and() - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer
and() - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutResponseConfigurer
and() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer: Used to chain back to the SessionManagementConfigurer
and() - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry: Deprecated.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec: Allows method chaining to continue configuring the ServerHttpSecurity
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec: Allows method chaining to continue configuring the ServerHttpSecurity
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CorsSpec: Allows method chaining to continue configuring the ServerHttpSecurity
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec: Allows method chaining to continue configuring the ServerHttpSecurity
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.ExceptionHandlingSpec: Allows method chaining to continue configuring the ServerHttpSecurity
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec: Allows method chaining to continue configuring the ServerHttpSecurity
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Allows method chaining to continue configuring the ServerHttpSecurity
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec: Allows method chaining to continue configuring the ServerHttpSecurity.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec: Allows method chaining to continue configuring the ServerHttpSecurity.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec: Allows method chaining to continue configuring the ServerHttpSecurity.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec: Allows method chaining to continue configuring the ServerHttpSecurity.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.FeaturePolicySpec: Allows method chaining to continue configuring the ServerHttpSecurity.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec: Allows method chaining to continue configuring the ServerHttpSecurity
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec: Allows method chaining to continue configuring the ServerHttpSecurity.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec: Allows method chaining to continue configuring the ServerHttpSecurity.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec: Allows method chaining to continue configuring the ServerHttpSecurity
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec: Allows method chaining to continue configuring the ServerHttpSecurity
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec: Allows method chaining to continue configuring the ServerHttpSecurity
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec: Allows method chaining to continue configuring the ServerHttpSecurity
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec: Allows method chaining to continue configuring the ServerHttpSecurity
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec: Allows method chaining to continue configuring the ServerHttpSecurity
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.PasswordManagementSpec: Allows method chaining to continue configuring the ServerHttpSecurity.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.RequestCacheSpec: Allows method chaining to continue configuring the ServerHttpSecurity
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec
anonymous() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Allows configuring how an anonymous user is represented.
anonymous() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl: Specify that URLs are allowed by anonymous users.
anonymous() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl: Deprecated.

Specify that URLs are allowed by anonymous users.
anonymous() - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl: Deprecated.

Specifies that an anonymous user is allowed access
anonymous() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint: Deprecated.

Specify that Messages are allowed by anonymous users.
anonymous() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Enables and Configures anonymous authentication.
anonymous(Customizer<AnonymousConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Allows configuring how an anonymous user is represented.
anonymous(Customizer<ServerHttpSecurity.AnonymousSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Enables and Configures anonymous authentication.
ANONYMOUS - org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder: Where anonymous authentication is placed.
ANONYMOUS - Static variable in class org.springframework.security.config.Elements
ANONYMOUS_AUTHENTICATION - org.springframework.security.config.web.server.SecurityWebFiltersOrder: Instance of AnonymousAuthenticationWebFilter
AnonymousConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Configures Anonymous authentication (i.e.
AnonymousConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer: Creates a new instance
ant - org.springframework.security.config.http.MatcherType
antMatcher(String) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Deprecated.
use HttpSecurity.securityMatcher(String...) instead
antMatchers(String...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry: Deprecated.
use AbstractRequestMatcherRegistry.requestMatchers(String...) instead
antMatchers(HttpMethod) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry: Deprecated.
use AbstractRequestMatcherRegistry.requestMatchers(HttpMethod) instead
antMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry: Deprecated.
use AbstractRequestMatcherRegistry.requestMatchers(HttpMethod, String...) instead
anyExchange() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec: Always matches
anyExchange() - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry: Maps any request.
anyExchange() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec: Disables authorization.
anyMessage() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry: Deprecated.

Maps any Message to a security expression.
anyRequest() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec: Matches if PayloadExchangeType.isRequest() is true, else not a match
anyRequest() - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry: Maps any request.
apply(C) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Applies a SecurityConfigurerAdapter to this SecurityBuilder and invokes SecurityConfigurerAdapter.setBuilder(SecurityBuilder).
ATT_GROUP_ROLE_ATTRIBUTE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
ATT_GROUP_SEARCH_BASE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
ATT_GROUP_SEARCH_FILTER - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
ATT_HASH - Static variable in class org.springframework.security.config.authentication.PasswordEncoderParser
ATT_LDIF_FILE - Static variable in class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser: Optionally defines an ldif resource to be loaded.
ATT_PORT - Static variable in class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser: Defines the port the LDAP_PROVIDER server should run on
ATT_ROOT_SUFFIX - Static variable in class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser: sets the configuration suffix (default is "dc=springframework,dc=org").
ATT_SERVER - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
ATT_USER_SEARCH_BASE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
ATT_USER_SEARCH_FILTER - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
attribute(String) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer.AttributeExchangeConfigurer: Deprecated.

Adds an OpenIDAttribute with the given name
attribute(Customizer<OpenIDLoginConfigurer.AttributeExchangeConfigurer.AttributeConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer.AttributeExchangeConfigurer: Deprecated.

Adds an OpenIDAttribute named "default-attribute".
attribute(OpenIDAttribute) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer.AttributeExchangeConfigurer: Deprecated.

Adds an OpenIDAttribute to be obtained for the configured OpenID pattern.
attributeExchange(String) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer: Deprecated.

Sets up OpenID attribute exchange for OpenID's matching the specified pattern.
attributeExchange(Customizer<OpenIDLoginConfigurer.AttributeExchangeConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer: Deprecated.

Sets up OpenID attribute exchange for OpenIDs matching the specified pattern.
authenticate(Authentication) - Method in class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider
authenticated() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
authenticated() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl: Specify that URLs are allowed by any authenticated user.
authenticated() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl: Deprecated.

Specify that URLs are allowed by any authenticated user.
authenticated() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint: Deprecated.

Specify that Messages are allowed by any authenticated user.
authenticated() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access: Require an authenticated user
authenticatedUserDetailsService(AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken>) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer: Specifies the AuthenticationUserDetailsService that is used with the PreAuthenticatedAuthenticationProvider.
AUTHENTICATION - org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder: A generic placeholder for other types of authentication.
AUTHENTICATION - org.springframework.security.config.web.server.SecurityWebFiltersOrder
AUTHENTICATION_MANAGER - Static variable in class org.springframework.security.config.BeanIds: The "global" AuthenticationManager instance, registered by the <authentication-manager> element
AUTHENTICATION_MANAGER - Static variable in class org.springframework.security.config.Elements
AUTHENTICATION_PROVIDER - Static variable in class org.springframework.security.config.Elements
AuthenticationConfiguration - Class in org.springframework.security.config.annotation.authentication.configuration: Exports the authentication Configuration
AuthenticationConfiguration() - Constructor for class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
authenticationConverter(OpaqueTokenAuthenticationConverter) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer
authenticationConverter(ReactiveOpaqueTokenAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
authenticationConverter(AuthenticationConverter) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer: Use this AuthenticationConverter when converting incoming requests to an Authentication.
authenticationConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec: Sets the converter to use
authenticationConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec: Sets the converter to use
authenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Specifies a custom AuthenticationDetailsSource.
authenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer: Specifies a custom AuthenticationDetailsSource to use for basic authentication.
authenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails>) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer: Specifies the AuthenticationDetailsSource
authenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer: Sets the AuthenticationEntryPoint to be used.
authenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer: The AuthenticationEntryPoint to be populated on BasicAuthenticationFilter in the event that authentication fails.
authenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.ExceptionHandlingSpec: Configures what to do when the application request authentication
authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec: How to request for authentication.
authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec: Allows easily setting the entry point.
authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec: Configures the ServerAuthenticationEntryPoint to use for requests authenticating with Bearer Tokens.
authenticationEventPublisher(AuthenticationEventPublisher) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder: Sets the AuthenticationEventPublisher
authenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec: Configures how a failed authentication is handled.
authenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec
authenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec: The ServerAuthenticationFailureHandler used after authentication failure.
authenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
authenticationFilter(AnonymousAuthenticationFilter) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer: Sets the AnonymousAuthenticationFilter used to populate an anonymous user.
authenticationFilter(AnonymousAuthenticationWebFilter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec: Sets the AnonymousAuthenticationWebFilter used to populate an anonymous user.
authenticationManager() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.

Allows providing a custom AuthenticationManager.
authenticationManager() - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter: Deprecated.

Gets the AuthenticationManager to use.
authenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Configure the default AuthenticationManager.
authenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer
authenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer
authenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer: Allows a configuration of a AuthenticationManager to be used during SAML 2 authentication.
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.BasicAuthenticationSpec
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.JwtSpec
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.SimpleAuthenticationSpec
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configure the default authentication manager.
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec: The ReactiveAuthenticationManager used to authenticate.
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec: The ReactiveAuthenticationManager used to authenticate.
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec: Configures the ReactiveAuthenticationManager to use.
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec: Configures the ReactiveAuthenticationManager to use.
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec: Configures the ReactiveAuthenticationManager to use
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec
authenticationManagerBean() - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter: Deprecated.

Override this method to expose the AuthenticationManager from WebSecurityConfigurerAdapter.configure(AuthenticationManagerBuilder) to be exposed as a Bean.
AuthenticationManagerBeanDefinitionParser - Class in org.springframework.security.config.authentication: Registers the central ProviderManager used by the namespace configuration, and allows the configuration of an alias, allowing users to reference it in their beans and clearly see where the name is coming from.
AuthenticationManagerBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser
AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider - Class in org.springframework.security.config.authentication: Provider which doesn't provide any service.
authenticationManagerBuilder(ObjectPostProcessor<Object>, ApplicationContext) - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
AuthenticationManagerBuilder - Class in org.springframework.security.config.annotation.authentication.builders: SecurityBuilder used to create an AuthenticationManager.
AuthenticationManagerBuilder(ObjectPostProcessor<Object>) - Constructor for class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder: Creates a new instance
AuthenticationManagerFactoryBean - Class in org.springframework.security.config.authentication: Factory bean for the namespace AuthenticationManager, which allows a more meaningful error message to be reported in the NoSuchBeanDefinitionException, if the user has forgotten to declare the <authentication-manager> element.
AuthenticationManagerFactoryBean() - Constructor for class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean
authenticationManagerResolver(AuthenticationManagerResolver<HttpServletRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
authenticationManagerResolver(ReactiveAuthenticationManagerResolver<ServerWebExchange>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec: Configures the ReactiveAuthenticationManagerResolver
authenticationMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec: Sets the matcher used for determining if the request is an authentication request.
authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder: Add authentication based upon the custom AuthenticationProvider that is passed in.
authenticationProvider(AuthenticationProvider) - Method in interface org.springframework.security.config.annotation.authentication.ProviderManagerBuilder: Add authentication based upon the custom AuthenticationProvider that is passed in.
authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer: Sets the AuthenticationProvider used to validate an anonymous user.
authenticationProvider(AuthenticationProvider) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder: Allows adding an additional AuthenticationProvider to be used
AuthenticationProviderBeanDefinitionParser - Class in org.springframework.security.config.authentication: Wraps a UserDetailsService bean with a DaoAuthenticationProvider and registers the latter with the ProviderManager.
AuthenticationProviderBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.AuthenticationProviderBeanDefinitionParser
authenticationRequestResolver(Saml2AuthenticationRequestResolver) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer: Use this Saml2AuthenticationRequestResolver for generating SAML 2.0 Authentication Requests.
authenticationSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer: Allows control over the destination a remembered user is sent to when they are successfully authenticated.
authenticationSuccessHandler(ServerAuthenticationSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec: The ServerAuthenticationSuccessHandler used after authentication success.
authenticationSuccessHandler(ServerAuthenticationSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec: The ServerAuthenticationSuccessHandler used after authentication success.
authenticationUserDetailsService(AuthenticationUserDetailsService<OpenIDAuthenticationToken>) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer: Deprecated.

The AuthenticationUserDetailsService to use.
authenticationUserDetailsService(AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken>) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer: Specifies the AuthenticationUserDetailsService to use.
authorities(String...) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder: Populates the authorities.
authorities(String...) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer: Sets the Authentication.getAuthorities() for anonymous users
authorities(String...) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec: Sets the Authentication.getAuthorities() for anonymous users
authorities(List<? extends GrantedAuthority>) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder: Populates the authorities.
authorities(List<GrantedAuthority>) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer: Sets the Authentication.getAuthorities() for anonymous users
authorities(List<GrantedAuthority>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec: Sets the Authentication.getAuthorities() for anonymous users
authorities(GrantedAuthority...) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder: Populates the authorities.
authoritiesByUsernameQuery(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer: Sets the query to be used for finding a user's authorities by their username.
authoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: Specifies the GrantedAuthoritiesMapper.
AUTHORIZATION - org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder: Where authorization is placed.
AUTHORIZATION - org.springframework.security.config.web.server.SecurityWebFiltersOrder
authorizationCodeGrant() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer: Returns the OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer for configuring the OAuth 2.0 Authorization Code Grant.
authorizationCodeGrant(Customizer<OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer: Configures the OAuth 2.0 Authorization Code Grant.
authorizationEndpoint() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer: Returns the OAuth2LoginConfigurer.AuthorizationEndpointConfig for configuring the Authorization Server's Authorization Endpoint.
authorizationEndpoint(Customizer<OAuth2LoginConfigurer.AuthorizationEndpointConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer: Configures the Authorization Server's Authorization Endpoint.
authorizationRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer: Sets the redirect strategy for Authorization Endpoint redirect URI.
authorizationRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig: Sets the redirect strategy for Authorization Endpoint redirect URI.
authorizationRedirectStrategy(ServerRedirectStrategy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec: Sets the redirect strategy for Authorization Endpoint redirect URI.
authorizationRedirectStrategy(ServerRedirectStrategy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec: Sets the redirect strategy for Authorization Endpoint redirect URI.
authorizationRequestBaseUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.ImplicitGrantConfigurer: Deprecated.

Sets the base URI used for authorization requests.
authorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer: Sets the repository used for storing OAuth2AuthorizationRequest's.
authorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig: Sets the repository used for storing OAuth2AuthorizationRequest's.
authorizationRequestRepository(ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec: Sets the repository to use for storing OAuth2AuthorizationRequest's.
authorizationRequestRepository(ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec: Sets the repository to use for storing OAuth2AuthorizationRequest's.
authorizationRequestResolver(OAuth2AuthorizationRequestResolver) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer: Sets the resolver used for resolving OAuth2AuthorizationRequest's.
authorizationRequestResolver(OAuth2AuthorizationRequestResolver) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig: Sets the resolver used for resolving OAuth2AuthorizationRequest's.
authorizationRequestResolver(ServerOAuth2AuthorizationRequestResolver) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec: Sets the resolver used for resolving OAuth2AuthorizationRequest's.
authorizedClientRepository(OAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer: Sets the repository for authorized client(s).
authorizedClientRepository(OAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer: Sets the repository for authorized client(s).
authorizedClientRepository(ServerOAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec: Configures the ReactiveClientRegistrationRepository.
authorizedClientRepository(ServerOAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
authorizedClientService(OAuth2AuthorizedClientService) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer: Sets the service for authorized client(s).
authorizedClientService(OAuth2AuthorizedClientService) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer: Sets the service for authorized client(s).
authorizedClientService(ReactiveOAuth2AuthorizedClientService) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
authorizeExchange() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures authorization.
authorizeExchange(Customizer<ServerHttpSecurity.AuthorizeExchangeSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures authorization.
AuthorizeExchangeSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
authorizeHttpRequests() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Allows restricting access based upon the HttpServletRequest using RequestMatcher implementations (i.e.
authorizeHttpRequests(Customizer<AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Allows restricting access based upon the HttpServletRequest using RequestMatcher implementations (i.e.
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Adds a URL based authorization using AuthorizationManager.
AuthorizeHttpRequestsConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer: Creates an instance.
AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry - Class in org.springframework.security.config.annotation.web.configurers: Registry for mapping a RequestMatcher to an AuthorizationManager.
AuthorizeHttpRequestsConfigurer.AuthorizedUrl - Class in org.springframework.security.config.annotation.web.configurers: An object that allows configuring the AuthorizationManager for RequestMatchers.
AuthorizeHttpRequestsConfigurer.MvcMatchersAuthorizedUrl - Class in org.springframework.security.config.annotation.web.configurers: Deprecated.
use MvcRequestMatcher.Builder instead
authorizePayload(Customizer<RSocketSecurity.AuthorizePayloadsSpec>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
AuthorizePayloadsSpec() - Constructor for class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
authorizeRequests() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Deprecated.
Use HttpSecurity.authorizeHttpRequests() instead
authorizeRequests(Customizer<ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Deprecated.
Use HttpSecurity.authorizeHttpRequests() instead
AutowiredWebSecurityConfigurersIgnoreParents - Class in org.springframework.security.config.annotation.web.configuration: A class used to get all the WebSecurityConfigurer instances from the current ApplicationContext but ignoring the parent.

B

baseUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig: Sets the base URI used for authorization requests.
baseUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.RedirectionEndpointConfig: Sets the URI where the authorization response will be processed.
BASIC_AUTH - Static variable in class org.springframework.security.config.Elements
BASIC_AUTHENTICATION - org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder: Where basic authentication is placed.
basicAuthentication(Customizer<RSocketSecurity.BasicAuthenticationSpec>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity: Deprecated.
Use RSocketSecurity.simpleAuthentication(Customizer)
BeanIds - Class in org.springframework.security.config: Contains globally used default Bean IDs for beans created by the namespace support in Spring Security 2.
BeanIds() - Constructor for class org.springframework.security.config.BeanIds
bearerTokenConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec: Configures the ServerAuthenticationConverter to use for requests authenticating with Bearer Tokens.
bearerTokenResolver(BearerTokenResolver) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
beforeConfigure() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Invoked prior to invoking each SecurityConfigurer.configure(SecurityBuilder) method.
beforeConfigure() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
beforeInit() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Invoked prior to invoking each SecurityConfigurer.init(SecurityBuilder) method.
block(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.XXssConfig: Deprecated.
use HeadersConfigurer.XXssConfig.headerValue(XXssProtectionHeaderWriter.HeaderValue) instead
build() - Method in class org.springframework.security.config.annotation.AbstractSecurityBuilder
build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.BasicAuthenticationSpec
build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.JwtSpec
build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.SimpleAuthenticationSpec
build() - Method in interface org.springframework.security.config.annotation.SecurityBuilder: Builds the object and returns it or null.
build() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Builds the SecurityWebFilterChain

C

cache() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures cache control headers
cache(Customizer<ServerHttpSecurity.HeaderSpec.CacheSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures cache control headers
cacheControl() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Allows customizing the CacheControlHeadersWriter.
cacheControl(Customizer<HeadersConfigurer.CacheControlConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Allows customizing the CacheControlHeadersWriter.
CACHING_SUFFIX - Static variable in class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser
chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry: Subclasses should implement this method for returning the object that is chained to the creation of the RequestMatcher instances.
chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity.RequestMatcherConfigurer
chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity.IgnoredRequestConfigurer
chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractConfigAttributeRequestMatcherRegistry: Marks the RequestMatcher's as unmapped and then calls AbstractConfigAttributeRequestMatcherRegistry.chainRequestMatchersInternal(List).
chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry
chainRequestMatchersInternal(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractConfigAttributeRequestMatcherRegistry: Subclasses should implement this method for returning the object that is chained to the creation of the RequestMatcher instances.
chainRequestMatchersInternal(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry
chainRequestMatchersInternal(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry: Deprecated.
chainRequestMatchersInternal(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry: Deprecated.
changePasswordPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.PasswordManagementConfigurer: Sets the change password page.
changePasswordPage(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.PasswordManagementSpec: Sets the change password page.
changeSessionId() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer: Specifies that the Servlet container-provided session fixation protection should be used.
ChannelAttributeFactory - Class in org.springframework.security.config.http: Used as a factory bean to create config attribute values for the requires-channel attribute.
channelProcessors(List<ChannelProcessor>) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry: Sets the ChannelProcessor instances to use in ChannelDecisionManagerImpl
ChannelSecurityConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Adds channel security (i.e.
ChannelSecurityConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer: Creates a new instance
ChannelSecurityConfigurer.ChannelRequestMatcherRegistry - Class in org.springframework.security.config.annotation.web.configurers
ChannelSecurityConfigurer.MvcMatchersRequiresChannelUrl - Class in org.springframework.security.config.annotation.web.configurers
ChannelSecurityConfigurer.RequiresChannelUrl - Class in org.springframework.security.config.annotation.web.configurers
ciRegex - org.springframework.security.config.http.MatcherType
clearAuthentication(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer: Specifies if SecurityContextLogoutHandler should clear the Authentication at the time of logout.
CLIENT_REGISTRATIONS - Static variable in class org.springframework.security.config.Elements
clientRegistrationRepository(ClientRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.ImplicitGrantConfigurer: Deprecated.

Sets the repository of client registrations.
clientRegistrationRepository(ClientRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer: Sets the repository of client registrations.
clientRegistrationRepository(ClientRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer: Sets the repository of client registrations.
clientRegistrationRepository(ReactiveClientRegistrationRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec: Configures the ReactiveClientRegistrationRepository.
clientRegistrationRepository(ReactiveClientRegistrationRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
ClientRegistrationsBeanDefinitionParser - Class in org.springframework.security.config.oauth2.client
ClientRegistrationsBeanDefinitionParser() - Constructor for class org.springframework.security.config.oauth2.client.ClientRegistrationsBeanDefinitionParser
CommonOAuth2Provider - Enum in org.springframework.security.config.oauth2.client: Common OAuth2 Providers that can be used to create builders pre-configured with sensible defaults.
CONCURRENT_SESSIONS - Static variable in class org.springframework.security.config.Elements
configurationSource(CorsConfigurationSource) - Method in class org.springframework.security.config.annotation.web.configurers.CorsConfigurer
configurationSource(CorsConfigurationSource) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CorsSpec: Configures the CorsConfigurationSource to be used
configure(B) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
configure(B) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer
configure(B) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsServiceConfigurer
configure(B) - Method in interface org.springframework.security.config.annotation.SecurityConfigurer: Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
configure(B) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter
configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer
configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.ImplicitGrantConfigurer: Deprecated.
configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.PasswordManagementConfigurer: Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer: Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer: Deprecated.
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.CorsConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.DefaultLoginPageConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer: Deprecated.
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer: Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.SecurityContextConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.ServletApiConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer
configure(AuthenticationManagerBuilder) - Method in class org.springframework.security.config.annotation.authentication.configuration.GlobalAuthenticationConfigurerAdapter
configure(AuthenticationManagerBuilder) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.

Sub classes can override this method to register different types of authentication.
configure(AuthenticationManagerBuilder) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter: Deprecated.

Used by the default implementation of WebSecurityConfigurerAdapter.authenticationManager() to attempt to obtain an AuthenticationManager.
configure(HttpSecurity) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter: Deprecated.

Override this method to configure the HttpSecurity.
configure(WebSecurity) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter: Deprecated.

Override this method to configure WebSecurity.
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CorsSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.PasswordManagementSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.RequestCacheSpec
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec
configureClientInboundChannel(ChannelRegistration) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer: Deprecated.
configureInbound(MessageSecurityMetadataSourceRegistry) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer: Deprecated.
consumer(OpenIDConsumer) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer: Deprecated.

Allows specifying the OpenIDConsumer to be used.
consumerManager(ConsumerManager) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer: Deprecated.

Allows specifying the ConsumerManager to be used.
containsMapping() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry: Deprecated.

Allows determining if a mapping was added.
contentSecurityPolicy(String) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Allows configuration for Content Security Policy (CSP) Level 2.
contentSecurityPolicy(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures Content-Security-Policy response header.
contentSecurityPolicy(Customizer<HeadersConfigurer.ContentSecurityPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Allows configuration for Content Security Policy (CSP) Level 2.
contentSecurityPolicy(Customizer<ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures Content-Security-Policy response header.
contentTypeOptions() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Configures the XContentTypeOptionsHeaderWriter which inserts the X-Content-Type-Options:
contentTypeOptions() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures content type response headers
contentTypeOptions(Customizer<HeadersConfigurer.ContentTypeOptionsConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Configures the XContentTypeOptionsHeaderWriter which inserts the X-Content-Type-Options:
contentTypeOptions(Customizer<ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures content type response headers
CONTEXT_SOURCE - Static variable in class org.springframework.security.config.BeanIds
CONTEXT_SOURCE_SETTING_POST_PROCESSOR - Static variable in class org.springframework.security.config.BeanIds
contextSource() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: Allows easily configuring of a BaseLdapPathContextSource with defaults pointing to an embedded LDAP server that is created.
contextSource(BaseLdapPathContextSource) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: Specifies the BaseLdapPathContextSource to be used.
ContextSourceSettingPostProcessor - Class in org.springframework.security.config.ldap: Checks for the presence of a ContextSource instance.
conversionServicePostProcessor() - Static method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
cors() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Adds a CorsFilter to be used.
cors() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures CORS headers.
cors(Customizer<CorsConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Adds a CorsFilter to be used.
cors(Customizer<ServerHttpSecurity.CorsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures CORS headers.
CORS - org.springframework.security.config.web.server.SecurityWebFiltersOrder: CorsWebFilter
CORS - Static variable in class org.springframework.security.config.Elements
CorsBeanDefinitionParser - Class in org.springframework.security.config.http: Parser for the CorsFilter.
CorsBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.CorsBeanDefinitionParser
CorsConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Adds CorsFilter to the Spring Security filter chain.
CorsConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.CorsConfigurer: Creates a new instance
count(int) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer.AttributeExchangeConfigurer.AttributeConfigurer: Deprecated.

Specifies the number of attribute values to request.
createAuthenticationManager() - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory: Returns the configured AuthenticationManager that can be used to perform LDAP authentication.
createChannelAttributes(String) - Static method in class org.springframework.security.config.http.ChannelAttributeFactory
createDefaultLdapAuthenticator() - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory: Allows subclasses to supply the default AbstractLdapAuthenticator.
createDefaultLdapAuthenticator() - Method in class org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory
createDefaultLdapAuthenticator() - Method in class org.springframework.security.config.ldap.LdapPasswordComparisonAuthenticationManagerFactory
createExpressionHandler() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.

Provide a MethodSecurityExpressionHandler that is registered with the ExpressionBasedPreInvocationAdvice.
createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Create the RequestMatcher given a loginProcessingUrl
createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer
createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer: Deprecated.
createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
createMatcher(ParserContext, String, String) - Method in enum org.springframework.security.config.http.MatcherType
createMatcher(ParserContext, String, String, String) - Method in enum org.springframework.security.config.http.MatcherType
createMetadataSource() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry: Deprecated.

Allows subclasses to create creating a MessageSecurityMetadataSource.
createMvcMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry: Creates MvcRequestMatcher instances for the method and patterns passed in
createPasswordEncoderBeanDefinition(String, boolean) - Static method in class org.springframework.security.config.authentication.PasswordEncoderParser
credentialsExpired(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder: Defines if the credentials are expired or not.
crossOriginEmbedderPolicy() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Allows configuration for Cross-Origin-Embedder-Policy header.
crossOriginEmbedderPolicy() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures the Cross-Origin-Embedder-Policy header.
crossOriginEmbedderPolicy(Customizer<HeadersConfigurer.CrossOriginEmbedderPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Allows configuration for Cross-Origin-Embedder-Policy header.
crossOriginEmbedderPolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures the Cross-Origin-Embedder-Policy header.
CrossOriginEmbedderPolicyConfig() - Constructor for class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginEmbedderPolicyConfig
crossOriginOpenerPolicy() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Allows configuration for Cross-Origin-Opener-Policy header.
crossOriginOpenerPolicy() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures the Cross-Origin-Opener-Policy header.
crossOriginOpenerPolicy(Customizer<HeadersConfigurer.CrossOriginOpenerPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Allows configuration for Cross-Origin-Opener-Policy header.
crossOriginOpenerPolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures the Cross-Origin-Opener-Policy header.
CrossOriginOpenerPolicyConfig() - Constructor for class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginOpenerPolicyConfig
crossOriginResourcePolicy() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Allows configuration for Cross-Origin-Resource-Policy header.
crossOriginResourcePolicy() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures the Cross-Origin-Resource-Policy header.
crossOriginResourcePolicy(Customizer<HeadersConfigurer.CrossOriginResourcePolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Allows configuration for Cross-Origin-Resource-Policy header.
crossOriginResourcePolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures the Cross-Origin-Resource-Policy header.
CrossOriginResourcePolicyConfig() - Constructor for class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginResourcePolicyConfig
csrf() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Enables CSRF protection.
csrf() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures CSRF Protection which is enabled by default.
csrf(Customizer<CsrfConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Enables CSRF protection.
csrf(Customizer<ServerHttpSecurity.CsrfSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures CSRF Protection which is enabled by default.
CSRF - org.springframework.security.config.web.server.SecurityWebFiltersOrder: CsrfWebFilter
CSRF - Static variable in class org.springframework.security.config.Elements
CsrfBeanDefinitionParser - Class in org.springframework.security.config.http: Parser for the CsrfFilter.
CsrfBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.CsrfBeanDefinitionParser
csrfChannelInterceptor() - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer: Deprecated.
CsrfConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Adds CSRF protection for the methods as specified by CsrfConfigurer.requireCsrfProtectionMatcher(RequestMatcher).
CsrfConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer: Creates a new instance
csrfTokenRepository(CsrfTokenRepository) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer: Specify the CsrfTokenRepository to use.
csrfTokenRepository(ServerCsrfTokenRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec: Configures the ServerCsrfTokenRepository used to persist the CSRF Token.
csrfTokenRequestHandler(CsrfTokenRequestHandler) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer: Specify a CsrfTokenRequestHandler to use for making the CsrfToken available as a request attribute.
csrfTokenRequestHandler(ServerCsrfTokenRequestHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec: Specifies a ServerCsrfTokenRequestHandler that is used to make the CsrfToken available as an exchange attribute.
CUSTOM_FILTER - Static variable in class org.springframework.security.config.Elements
customize(WebSecurity) - Method in interface org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer: Performs the customizations on WebSecurity.
customize(T) - Method in interface org.springframework.security.config.Customizer: Performs the customizations on the input argument.
customizeClientInboundChannel(ChannelRegistration) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer: Deprecated.

Allows subclasses to customize the configuration of the ChannelRegistration .
Customizer<T> - Interface in org.springframework.security.config: Callback interface that accepts a single input argument and returns no result.
customMethodSecurityMetadataSource() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.

Provides a custom MethodSecurityMetadataSource that is registered with the GlobalMethodSecurityConfiguration.methodSecurityMetadataSource().
customUserType(Class<? extends OAuth2User>, String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig: Deprecated.
See CustomUserTypesOAuth2UserService for alternative usage.

D

DaoAuthenticationConfigurer,U extends org.springframework.security.core.userdetails.UserDetailsService> - Class in org.springframework.security.config.annotation.authentication.configurers.userdetails: Allows configuring a DaoAuthenticationProvider
DaoAuthenticationConfigurer(U) - Constructor for class org.springframework.security.config.annotation.authentication.configurers.userdetails.DaoAuthenticationConfigurer: Creates a new instance
dataSource(DataSource) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer: Populates the DataSource to be used.
debug() - Method in annotation type org.springframework.security.config.annotation.web.configuration.EnableWebSecurity: Controls debugging support for Spring Security.
debug(boolean) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity: Controls debugging support for Spring Security.
DEBUG - Static variable in class org.springframework.security.config.Elements
DEBUG_FILTER - Static variable in class org.springframework.security.config.BeanIds
DebugBeanDefinitionParser - Class in org.springframework.security.config
DebugBeanDefinitionParser() - Constructor for class org.springframework.security.config.DebugBeanDefinitionParser
decoder(JwtDecoder) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer
decorate(Node, BeanDefinitionHolder, ParserContext) - Method in class org.springframework.security.config.http.FilterChainMapBeanDefinitionDecorator
decorate(Node, BeanDefinitionHolder, ParserContext) - Method in class org.springframework.security.config.method.InterceptMethodsBeanDefinitionDecorator
decorate(Node, BeanDefinitionHolder, ParserContext) - Method in class org.springframework.security.config.SecurityNamespaceHandler
DEF_GROUP_SEARCH_BASE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
DEF_GROUP_SEARCH_FILTER - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
DEF_USER_SEARCH_BASE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
defaultAccessDeniedHandlerFor(AccessDeniedHandler, RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer: Sets a default AccessDeniedHandler to be used which prefers being invoked for the provided RequestMatcher.
defaultAuthenticationEntryPointFor(AuthenticationEntryPoint, RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer: Sets a default AuthenticationEntryPoint to be used which prefers being invoked for the provided RequestMatcher.
DefaultFilterChainValidator - Class in org.springframework.security.config.http
DefaultFilterChainValidator() - Constructor for class org.springframework.security.config.http.DefaultFilterChainValidator
DefaultLoginPageConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Adds a Filter that will generate a login page if one is not specified otherwise when using EnableWebSecurity.
DefaultLoginPageConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.DefaultLoginPageConfigurer
defaultLogoutSuccessHandlerFor(LogoutSuccessHandler, RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer: Sets a default LogoutSuccessHandler to be used which prefers being invoked for the provided RequestMatcher.
defaultsDisabled() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Clears all of the default headers from the response.
defaultSuccessUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Specifies where users will be redirected after authenticating successfully if they have not visited a secured page prior to authenticating.
defaultSuccessUrl(String, boolean) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Specifies where users will be redirected after authenticating successfully if they have not visited a secured page prior to authenticating or alwaysUse is true.
delegatingApplicationListener() - Static method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
deleteCookies(String...) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer: Allows specifying the names of cookies to be removed on logout success.
deny() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig: Specify to DENY framing any content from this application.
denyAll() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
denyAll() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl: Specify that URLs are not allowed by anyone.
denyAll() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl: Deprecated.

Specify that URLs are not allowed by anyone.
denyAll() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint: Deprecated.

Specify that Messages are not allowed by anyone.
denyAll() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access: Deny access for everyone
destroy() - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
disable() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer: Disables the AbstractHttpConfigurer by removing it.
disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CacheControlConfig: Disables Cache Control
disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentTypeOptionsConfig: Removes the X-XSS-Protection header.
disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig: Prevents the header from being added to the response.
disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig: Deprecated.

Prevents the header from being added to the response.
disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig: Disables Strict Transport Security
disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.XXssConfig: Disables X-XSS-Protection header (does not include it)
disable() - Method in class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec: Disables anonymous authentication.
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CorsSpec: Disables CORS support within Spring Security.
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec: Disables CSRF Protection.
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec: Disables HTTP Basic authentication.
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CacheSpec: Disables cache control response headers
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec: Disables the content type options response header
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Disables http response headers
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.FrameOptionsSpec: Disables frame options response header
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec: Disables strict transport security response header
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.XssProtectionSpec: Disables the x-xss-protection response header
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec: Disables HTTP Basic authentication.
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec: Disables log out
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.RequestCacheSpec: Disables the ServerHttpSecurity.RequestCacheSpec
disabled(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder: Defines if the account is disabled or not.
dispatcherTypeMatchers(DispatcherType...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry: Create a List of DispatcherTypeRequestMatcher instances that do not specify an HttpMethod.
dispatcherTypeMatchers(HttpMethod, DispatcherType...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry: Maps a List of DispatcherTypeRequestMatcher instances.
doBuild() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Executes the build using the SecurityConfigurer's that have been applied using the following steps: Invokes AbstractConfiguredSecurityBuilder.beforeInit() for any subclass to hook into Invokes SecurityConfigurer.init(SecurityBuilder) for any SecurityConfigurer that was applied to this builder. Invokes AbstractConfiguredSecurityBuilder.beforeConfigure() for any subclass to hook into Invokes AbstractConfiguredSecurityBuilder.performBuild() which actually builds the Object
doBuild() - Method in class org.springframework.security.config.annotation.AbstractSecurityBuilder: Subclasses should implement this to perform the build.
doParse(Element, ParserContext, BeanDefinitionBuilder) - Method in class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser
doParse(Element, ParserContext, BeanDefinitionBuilder) - Method in class org.springframework.security.config.authentication.JdbcUserServiceBeanDefinitionParser
doParse(Element, ParserContext, BeanDefinitionBuilder) - Method in class org.springframework.security.config.authentication.UserServiceBeanDefinitionParser
doParse(Element, ParserContext, BeanDefinitionBuilder) - Method in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser

E

Elements - Class in org.springframework.security.config: Contains all the element names used by Spring Security 3 namespace support.
Elements() - Constructor for class org.springframework.security.config.Elements
EMBEDDED_APACHE_DS - Static variable in class org.springframework.security.config.BeanIds
EMBEDDED_UNBOUNDID - Static variable in class org.springframework.security.config.BeanIds
EmbeddedLdapServerContextSourceFactoryBean - Class in org.springframework.security.config.ldap: Creates a DefaultSpringSecurityContextSource used to perform LDAP authentication and starts and in-memory LDAP server.
EmbeddedLdapServerContextSourceFactoryBean() - Constructor for class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
EnableGlobalAuthentication - Annotation Type in org.springframework.security.config.annotation.authentication.configuration: The EnableGlobalAuthentication annotation signals that the annotated class can be used to configure a global instance of AuthenticationManagerBuilder.
enableGlobalAuthenticationAutowiredConfigurer(ApplicationContext) - Static method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
EnableGlobalMethodSecurity - Annotation Type in org.springframework.security.config.annotation.method.configuration: Deprecated.
Use EnableMethodSecurity instead
EnableMethodSecurity - Annotation Type in org.springframework.security.config.annotation.method.configuration: Enables Spring Security Method Security.
EnableReactiveMethodSecurity - Annotation Type in org.springframework.security.config.annotation.method.configuration
EnableRSocketSecurity - Annotation Type in org.springframework.security.config.annotation.rsocket: Add this annotation to a Configuration class to have Spring Security RSocketSecurity support added.
enableSessionUrlRewriting(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer: If set to true, allows HTTP sessions to be rewritten in the URLs when using HttpServletResponse.encodeRedirectURL(String) or HttpServletResponse.encodeURL(String), otherwise disallows HTTP sessions to be included in the URL.
EnableWebFluxSecurity - Annotation Type in org.springframework.security.config.annotation.web.reactive: Add this annotation to a Configuration class to have Spring Security WebFlux support added.
EnableWebMvcSecurity - Annotation Type in org.springframework.security.config.annotation.web.servlet.configuration: Deprecated.
Use EnableWebSecurity instead which will automatically add the Spring MVC related Security items.
EnableWebSecurity - Annotation Type in org.springframework.security.config.annotation.web.configuration: Add this annotation to an @Configuration class to have the Spring Security configuration defined in any WebSecurityConfigurer or more likely by exposing a SecurityFilterChain bean:
EnableWebSocketSecurity - Annotation Type in org.springframework.security.config.annotation.web.socket: Allows configuring WebSocket Authorization.
eraseCredentials(boolean) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
EXCEPTION_TRANSLATION - org.springframework.security.config.web.server.SecurityWebFiltersOrder
exceptionHandling() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Allows configuring exception handling.
exceptionHandling() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures exception handling (i.e.
exceptionHandling(Customizer<ExceptionHandlingConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Allows configuring exception handling.
exceptionHandling(Customizer<ServerHttpSecurity.ExceptionHandlingSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures exception handling (i.e.
ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Adds exception handling for Spring Security related exceptions to an application.
ExceptionHandlingConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer: Creates a new instance
expiredSessionStrategy(SessionInformationExpiredStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer: Determines the behaviour when an expired session is detected.
expiredUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer: The URL to redirect to if a user tries to access a resource and their session has been expired due to too many sessions for the current user.
EXPRESSION_HANDLER - Static variable in class org.springframework.security.config.Elements
expressionHandler(SecurityExpressionHandler<Message<Object>>) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry: Deprecated.

The SecurityExpressionHandler to be used.
expressionHandler(SecurityExpressionHandler<FilterInvocation>) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity: Set the SecurityExpressionHandler to be used.
expressionHandler(SecurityExpressionHandler<FilterInvocation>) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry: Deprecated.

Allows customization of the SecurityExpressionHandler to be used.
ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Deprecated.
Use AuthorizeHttpRequestsConfigurer instead
ExpressionUrlAuthorizationConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer: Deprecated.

Creates a new instance
ExpressionUrlAuthorizationConfigurer.AuthorizedUrl - Class in org.springframework.security.config.annotation.web.configurers: Deprecated.
ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry - Class in org.springframework.security.config.annotation.web.configurers: Deprecated.
ExpressionUrlAuthorizationConfigurer.MvcMatchersAuthorizedUrl - Class in org.springframework.security.config.annotation.web.configurers: Deprecated.

An ExpressionUrlAuthorizationConfigurer.AuthorizedUrl that allows optionally configuring the MvcRequestMatcher.setMethod(HttpMethod)

F

FACEBOOK - org.springframework.security.config.oauth2.client.CommonOAuth2Provider
failureForwardUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer: Forward Authentication Failure Handler
failureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Specifies the AuthenticationFailureHandler to use when authentication fails.
failureUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: The URL to send users if authentication fails.
featurePolicy(String) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Deprecated.
Use HeadersConfigurer.permissionsPolicy(Customizer) instead.
featurePolicy(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Deprecated.
Use ServerHttpSecurity.HeaderSpec.permissionsPolicy(Customizer) instead.
FILTER_CHAIN - Static variable in class org.springframework.security.config.Elements
FILTER_CHAIN_MAP - Static variable in class org.springframework.security.config.Elements
FILTER_CHAIN_PROXY - Static variable in class org.springframework.security.config.BeanIds
FILTER_CHAINS - Static variable in class org.springframework.security.config.BeanIds
FILTER_SECURITY_METADATA_SOURCE - Static variable in class org.springframework.security.config.Elements
FilterChainBeanDefinitionParser - Class in org.springframework.security.config.http
FilterChainBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.FilterChainBeanDefinitionParser
FilterChainMapBeanDefinitionDecorator - Class in org.springframework.security.config.http: Sets the filter chain Map for a FilterChainProxy bean declaration.
FilterChainMapBeanDefinitionDecorator() - Constructor for class org.springframework.security.config.http.FilterChainMapBeanDefinitionDecorator
FilterInvocationSecurityMetadataSourceParser - Class in org.springframework.security.config.http: Deprecated.
Use `use-authorization-manager` property instead
FilterInvocationSecurityMetadataSourceParser() - Constructor for class org.springframework.security.config.http.FilterInvocationSecurityMetadataSourceParser: Deprecated.
filterSecurityInterceptorOncePerRequest(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer.AbstractInterceptUrlRegistry: Deprecated.

Allows setting if the FilterSecurityInterceptor should be only applied once per request (i.e.
FIRST - org.springframework.security.config.web.server.SecurityWebFiltersOrder
FORM_LOGIN - org.springframework.security.config.web.server.SecurityWebFiltersOrder: Instance of AuthenticationWebFilter
FORM_LOGIN - Static variable in class org.springframework.security.config.Elements
formLogin() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Specifies to support form based authentication.
formLogin() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures form based authentication.
formLogin(Customizer<FormLoginConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Specifies to support form based authentication.
formLogin(Customizer<ServerHttpSecurity.FormLoginSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures form based authentication.
FormLoginBeanDefinitionParser - Class in org.springframework.security.config.http
FormLoginConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Adds form based authentication.
FormLoginConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer: Creates a new instance
frameOptions() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Allows customizing the XFrameOptionsHeaderWriter.
frameOptions() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures frame options response headers
frameOptions(Customizer<HeadersConfigurer.FrameOptionsConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Allows customizing the XFrameOptionsHeaderWriter.
frameOptions(Customizer<ServerHttpSecurity.HeaderSpec.FrameOptionsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures frame options response headers
fromEmbeddedLdapServer() - Static method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean: Create an EmbeddedLdapServerContextSourceFactoryBean that will use an embedded LDAP server to perform LDAP authentication.
fromResource(Resource) - Static method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean: Create a ReactiveUserDetailsServiceResourceFactoryBean with a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
fromResource(Resource) - Static method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean: Create a UserDetailsResourceFactoryBean with a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
fromResource(Resource) - Static method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean: Create a UserDetailsManagerResourceFactoryBean with a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
fromResourceLocation(String) - Static method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean: Create a ReactiveUserDetailsServiceResourceFactoryBean with the location of a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
fromResourceLocation(String) - Static method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean: Create a UserDetailsResourceFactoryBean with the location of a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
fromResourceLocation(String) - Static method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean: Create a UserDetailsManagerResourceFactoryBean with the location of a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
fromString(String) - Static method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean: Create a ReactiveUserDetailsServiceResourceFactoryBean with a String that is in the format defined in UserDetailsResourceFactoryBean.
fromString(String) - Static method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean: Creates a UserDetailsResourceFactoryBean with a resource from the provided String
fromString(String) - Static method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean: Create a UserDetailsManagerResourceFactoryBean with a String that is in the format defined in UserDetailsResourceFactoryBean.
fullyAuthenticated() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl: Specify that URLs are allowed by users who have authenticated and were not "remembered".
fullyAuthenticated() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl: Deprecated.

Specify that URLs are allowed by users who have authenticated and were not "remembered".
fullyAuthenticated() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint: Deprecated.

Specify that Messages are allowed by users who have authenticated and were not "remembered".

G

getApplicationContext() - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry: Gets the ApplicationContext
getApplicationContext() - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter: Deprecated.

Gets the ApplicationContext
getAuthenticationConverter() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
getAuthenticationEntryPoint() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Gets the Authentication Entry Point
getAuthenticationEntryPointMatcher(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
getAuthenticationFilter() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Gets the Authentication Filter
getAuthenticationManager() - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
getAuthenticationManager() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
getAuthoritiesMapper() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: Gets the GrantedAuthoritiesMapper and defaults to SimpleAuthorityMapper.
getBeanClassName(Element) - Method in class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser
getBeanClassName(Element) - Method in class org.springframework.security.config.authentication.JdbcUserServiceBeanDefinitionParser
getBeanClassName(Element) - Method in class org.springframework.security.config.authentication.UserServiceBeanDefinitionParser
getBeanClassName(Element) - Method in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
getBuilder() - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter: Gets the SecurityBuilder.
getBuilder(String) - Method in enum org.springframework.security.config.oauth2.client.CommonOAuth2Provider: Create a new ClientRegistration.Builder pre-configured with provider defaults.
getBuilder(String, ClientAuthenticationMethod, String) - Method in enum org.springframework.security.config.oauth2.client.CommonOAuth2Provider
getConfigurer(Class<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Gets the SecurityConfigurer by its class name or null if not found.
getConfigurer(Class<C>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder: Gets the SecurityConfigurer by its class name or null if not found.
getConfigurers(Class<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Gets all the SecurityConfigurer instances by its class name or an empty List if not found.
getContextSource() - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory: Gets the BaseLdapPathContextSource used to perform LDAP authentication.
getDatabasePopulator() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
getDefaultUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder: Gets the default UserDetailsService for the AuthenticationManagerBuilder.
getExpressionHandler() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.

Gets the MethodSecurityExpressionHandler or creates it using GlobalMethodSecurityConfiguration.expressionHandler.
getExpressionHandler() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity: Gets the SecurityExpressionHandler to be used.
getFailureUrl() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Gets the URL to send users to if authentication fails
getHttp() - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter: Deprecated.

Creates the HttpSecurity or returns the current instance
getIntrospector() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
getJwtAuthenticationConverter() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
getJwtDecoder() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
getLoginPage() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Gets the login page
getLoginProcessingUrl() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Gets the URL to submit an authentication request to (i.e.
getLogoutHandlers() - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer: Gets the LogoutHandler instances that will be used.
getLogoutSuccessHandler() - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer: Gets the LogoutSuccessHandler if not null, otherwise creates a new SimpleUrlLogoutSuccessHandler using the LogoutConfigurer.logoutSuccessUrl(String).
getMatchers() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
getMatchers() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl: Deprecated.
getMatchers() - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl: Deprecated.
getObject() - Method in class org.springframework.security.config.annotation.AbstractSecurityBuilder: Gets the object that was built.
getObject() - Method in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean
getObject() - Method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean
getObject() - Method in class org.springframework.security.config.core.userdetails.UserDetailsMapFactoryBean
getObject() - Method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean
getObject() - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
getObject() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor
getObject() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.MethodSecurityExpressionHandlerBean
getObject() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor
getObject() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor
getObject() - Method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean
getObjectType() - Method in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean
getObjectType() - Method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean
getObjectType() - Method in class org.springframework.security.config.core.userdetails.UserDetailsMapFactoryBean
getObjectType() - Method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean
getObjectType() - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
getObjectType() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor
getObjectType() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.MethodSecurityExpressionHandlerBean
getObjectType() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor
getObjectType() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor
getObjectType() - Method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean
getOrBuild() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Similar to AbstractSecurityBuilder.build() and AbstractSecurityBuilder.getObject() but checks the state to determine if AbstractSecurityBuilder.build() needs to be called first.
getOrder() - Method in enum org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder
getOrder() - Method in class org.springframework.security.config.ldap.ContextSourceSettingPostProcessor
getOrder() - Method in enum org.springframework.security.config.web.server.SecurityWebFiltersOrder
getPasswordEncoder() - Method in class org.springframework.security.config.authentication.PasswordEncoderParser
getPrivilegeEvaluator() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity: Gets the WebInvocationPrivilegeEvaluator to be used.
getRegistry() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer: The AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry is what users will interact with after applying the AuthorizeHttpRequestsConfigurer.
getRegistry() - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer
getRegistry() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer: Deprecated.
getRegistry() - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer: Deprecated.

The StandardInterceptUrlRegistry is what users will interact with after applying the UrlAuthorizationConfigurer.
getRolePrefix() - Method in class org.springframework.security.config.core.GrantedAuthorityDefaults: The default prefix used with role based authorization.
getSecurityContextHolderStrategy() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
getSharedObject(Class<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Gets a shared Object.
getSharedObject(Class<C>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder: Gets a shared Object.
getSharedObjects() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Gets the shared objects
getSource(Element, ParserContext) - Method in class org.springframework.security.config.http.CorsBeanDefinitionParser
getUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
getUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer: Gets the UserDetailsService that is used with the DaoAuthenticationProvider
getUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsAwareConfigurer: Gets the UserDetailsService or null if it is not available
getWebSecurityConfigurers() - Method in class org.springframework.security.config.annotation.web.configuration.AutowiredWebSecurityConfigurersIgnoreParents
GITHUB - org.springframework.security.config.oauth2.client.CommonOAuth2Provider
GLOBAL_METHOD_SECURITY - Static variable in class org.springframework.security.config.Elements
GlobalAuthenticationConfigurerAdapter - Class in org.springframework.security.config.annotation.authentication.configuration: A SecurityConfigurer that can be exposed as a bean to configure the global AuthenticationManagerBuilder.
GlobalAuthenticationConfigurerAdapter() - Constructor for class org.springframework.security.config.annotation.authentication.configuration.GlobalAuthenticationConfigurerAdapter
GlobalMethodSecurityBeanDefinitionParser - Class in org.springframework.security.config.method: Deprecated.
Use MethodSecurityBeanDefinitionParser instead
GlobalMethodSecurityBeanDefinitionParser() - Constructor for class org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser: Deprecated.
GlobalMethodSecurityConfiguration - Class in org.springframework.security.config.annotation.method.configuration: Deprecated.
Use PrePostMethodSecurityConfiguration, SecuredMethodSecurityConfiguration, or Jsr250MethodSecurityConfiguration instead
GlobalMethodSecurityConfiguration() - Constructor for class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.
GOOGLE - org.springframework.security.config.oauth2.client.CommonOAuth2Provider
GrantedAuthorityDefaults - Class in org.springframework.security.config.core: Allows providing defaults for GrantedAuthority
GrantedAuthorityDefaults(String) - Constructor for class org.springframework.security.config.core.GrantedAuthorityDefaults
groupAuthoritiesByUsername(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer: An SQL statement to query user's group authorities given a username.
groupRoleAttribute(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: Specifies the attribute name which contains the role name.
groupSearchBase(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: The search base for group membership searches.
groupSearchFilter(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: The LDAP filter to search for groups.
groupSearchSubtree(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: If set to true, a subtree scope search will be performed for group membership.

H

hasAnyAuthority(String...) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
hasAnyAuthority(String...) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl: Specifies that a user requires one of many authorities.
hasAnyAuthority(String...) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl: Deprecated.

Specify that URLs requires any of a number authorities.
hasAnyAuthority(String...) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl: Deprecated.

Specifies that a user requires one of many authorities
hasAnyAuthority(String...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint: Deprecated.

Specify that Message instances requires any of a number authorities.
hasAnyAuthority(String...) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access: Require any authority
hasAnyRole(String...) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
hasAnyRole(String...) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl: Specifies that a user requires one of many roles.
hasAnyRole(String...) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl: Deprecated.

Shortcut for specifying URLs require any of a number of roles.
hasAnyRole(String...) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl: Deprecated.

Specifies that a user requires one of many roles.
hasAnyRole(String...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint: Deprecated.

Shortcut for specifying Message instances require any of a number of roles.
hasAnyRole(String...) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access: Require any specific role.
hasAuthority(String) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
hasAuthority(String) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl: Specifies a user requires an authority.
hasAuthority(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl: Deprecated.

Specify that URLs require a particular authority.
hasAuthority(String) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl: Deprecated.

Specifies a user requires an authority.
hasAuthority(String) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint: Deprecated.

Specify that Message instances require a particular authority.
hasAuthority(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access: Require a specific authority.
hasIpAddress(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl: Deprecated.

Specify that URLs requires a specific IP Address or subnet.
hasIpAddress(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access: Require a specific IP address or range using an IP/Netmask (e.g.
hasRole(String) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
hasRole(String) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl: Specifies a user requires a role.
hasRole(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl: Deprecated.

Shortcut for specifying URLs require a particular role.
hasRole(String) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl: Deprecated.

Specifies a user requires a role.
hasRole(String) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint: Deprecated.

Shortcut for specifying Message instances require a particular role.
hasRole(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access: Require a specific role.
headers() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Adds the Security headers to the response.
headers() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures HTTP Response Headers.
headers(Customizer<HeadersConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Adds the Security headers to the response.
headers(Customizer<ServerHttpSecurity.HeaderSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures HTTP Response Headers.
HEADERS - Static variable in class org.springframework.security.config.Elements
HeadersBeanDefinitionParser - Class in org.springframework.security.config.http: Parser for the HeadersFilter.
HeadersBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.HeadersBeanDefinitionParser
HeadersConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Adds the Security HTTP headers to the response.
HeadersConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Creates a new instance
HeadersConfigurer.CacheControlConfig - Class in org.springframework.security.config.annotation.web.configurers
HeadersConfigurer.ContentSecurityPolicyConfig - Class in org.springframework.security.config.annotation.web.configurers
HeadersConfigurer.ContentTypeOptionsConfig - Class in org.springframework.security.config.annotation.web.configurers
HeadersConfigurer.CrossOriginEmbedderPolicyConfig - Class in org.springframework.security.config.annotation.web.configurers
HeadersConfigurer.CrossOriginOpenerPolicyConfig - Class in org.springframework.security.config.annotation.web.configurers
HeadersConfigurer.CrossOriginResourcePolicyConfig - Class in org.springframework.security.config.annotation.web.configurers
HeadersConfigurer.FeaturePolicyConfig - Class in org.springframework.security.config.annotation.web.configurers
HeadersConfigurer.FrameOptionsConfig - Class in org.springframework.security.config.annotation.web.configurers
HeadersConfigurer.HpkpConfig - Class in org.springframework.security.config.annotation.web.configurers: Deprecated.
see Certificate and Public Key Pinning for more context
HeadersConfigurer.HstsConfig - Class in org.springframework.security.config.annotation.web.configurers
HeadersConfigurer.PermissionsPolicyConfig - Class in org.springframework.security.config.annotation.web.configurers
HeadersConfigurer.ReferrerPolicyConfig - Class in org.springframework.security.config.annotation.web.configurers
HeadersConfigurer.XXssConfig - Class in org.springframework.security.config.annotation.web.configurers
headerValue(XXssProtectionHeaderWriter.HeaderValue) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.XXssConfig: Sets the value of the X-XSS-PROTECTION header.
headerValue(XXssProtectionServerHttpHeadersWriter.HeaderValue) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.XssProtectionSpec: Sets the value of x-xss-protection header.
hsts() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures the Strict Transport Security response headers
hsts(Customizer<ServerHttpSecurity.HeaderSpec.HstsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures the Strict Transport Security response headers
http() - Static method in class org.springframework.security.config.web.server.ServerHttpSecurity: Creates a new instance.
http(int) - Method in class org.springframework.security.config.annotation.web.configurers.PortMapperConfigurer: Adds a port mapping
HTTP - Static variable in class org.springframework.security.config.Elements
HTTP_BASIC - org.springframework.security.config.web.server.SecurityWebFiltersOrder: Instance of AuthenticationWebFilter
HTTP_FIREWALL - Static variable in class org.springframework.security.config.Elements
HTTP_HEADERS_WRITER - org.springframework.security.config.web.server.SecurityWebFiltersOrder
httpBasic() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Configures HTTP Basic authentication.
httpBasic() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures HTTP Basic authentication.
httpBasic(Customizer<HttpBasicConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Configures HTTP Basic authentication.
httpBasic(Customizer<ServerHttpSecurity.HttpBasicSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures HTTP Basic authentication.
HttpBasicConfigurer> - Class in org.springframework.security.config.annotation.web.configurers: Adds HTTP basic based authentication.
HttpBasicConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer: Creates a new instance
httpFirewall(HttpFirewall) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity: Allows customizing the HttpFirewall.
HttpFirewallBeanDefinitionParser - Class in org.springframework.security.config.http: Injects the supplied HttpFirewall bean reference into the FilterChainProxy.
HttpFirewallBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.HttpFirewallBeanDefinitionParser
httpPublicKeyPinning() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Deprecated.
see Certificate and Public Key Pinning for more context
httpPublicKeyPinning(Customizer<HeadersConfigurer.HpkpConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Deprecated.
see Certificate and Public Key Pinning for more context
HTTPS_REDIRECT - org.springframework.security.config.web.server.SecurityWebFiltersOrder: HttpsRedirectWebFilter
HttpSecurity - Class in org.springframework.security.config.annotation.web.builders: A HttpSecurity is similar to Spring Security's XML <http> element in the namespace configuration.
HttpSecurity(ObjectPostProcessor<Object>, AuthenticationManagerBuilder, Map<Class<?>, Object>) - Constructor for class org.springframework.security.config.annotation.web.builders.HttpSecurity: Creates a new instance
HttpSecurity.MvcMatchersRequestMatcherConfigurer - Class in org.springframework.security.config.annotation.web.builders: An extension to HttpSecurity.RequestMatcherConfigurer that allows optionally configuring the servlet path.
HttpSecurity.RequestMatcherConfigurer - Class in org.springframework.security.config.annotation.web.builders: Allows mapping HTTP requests that this HttpSecurity will be used for
HttpSecurityBeanDefinitionParser - Class in org.springframework.security.config.http: Sets up HTTP security: filter stack and protected URLs.
HttpSecurityBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser
HttpSecurityBuilder<H extends HttpSecurityBuilder<H>> - Interface in org.springframework.security.config.annotation.web
HttpsRedirectSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec
httpsRedirectWhen(Function<ServerWebExchange, Boolean>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec: Configures when this filter should redirect to https By default, the filter will redirect whenever an exchange's scheme is not https
httpsRedirectWhen(ServerWebExchangeMatcher...) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec: Configures when this filter should redirect to https By default, the filter will redirect whenever an exchange's scheme is not https
httpStrictTransportSecurity() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Allows customizing the HstsHeaderWriter which provides support for HTTP Strict Transport Security (HSTS).
httpStrictTransportSecurity(Customizer<HeadersConfigurer.HstsConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Allows customizing the HstsHeaderWriter which provides support for HTTP Strict Transport Security (HSTS).

I

identifierPattern(String) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer.AttributeExchangeConfigurer: Deprecated.

Sets the regular expression for matching on OpenID's (i.e.
IF_REQUIRED - org.springframework.security.config.http.SessionCreationPolicy: Spring Security will only create an HttpSession if required
ignoring() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity: Allows adding RequestMatcher instances that Spring Security should ignore.
ignoringAntMatchers(String...) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer: Deprecated.
use CsrfConfigurer.ignoringRequestMatchers(RequestMatcher...) with an AntPathRequestMatcher instead
ignoringRequestMatchers(String...) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer: Allows specifying HttpServletRequest that should not use CSRF Protection even if they match the CsrfConfigurer.requireCsrfProtectionMatcher(RequestMatcher).
ignoringRequestMatchers(RequestMatcher...) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer: Allows specifying HttpServletRequests that should not use CSRF Protection even if they match the CsrfConfigurer.requireCsrfProtectionMatcher(RequestMatcher).
ImplicitGrantConfigurer> - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client: Deprecated.
It is not recommended to use the implicit flow due to the inherent risks of returning access tokens in an HTTP redirect without any confirmation that it has been received by the client. See reference OAuth 2.0 Implicit Grant.
ImplicitGrantConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.client.ImplicitGrantConfigurer: Deprecated.
inboundChannelSecurity(MessageSecurityMetadataSource) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer: Deprecated.
inboundMessageSecurityMetadataSource() - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer: Deprecated.
includeSubdomains(boolean) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec: Configures if subdomains should be included.
includeSubDomains(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig: Deprecated.

If true, the pinning policy applies to this pinned host as well as any subdomains of the host's domain name.
includeSubDomains(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig: If true, subdomains should be considered HSTS Hosts too.
INET_ORG_PERSON_MAPPER_CLASS - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
init() - Method in class org.springframework.security.config.SecurityNamespaceHandler
init(B) - Method in interface org.springframework.security.config.annotation.SecurityConfigurer: Initialize the SecurityBuilder.
init(B) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter
init(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
init(B) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer
init(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
init(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
init(B) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer: Initialize the SecurityBuilder.
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.DefaultLoginPageConfigurer
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer: Populates a PreAuthenticatedAuthenticationProvider into HttpSecurity.authenticationProvider(org.springframework.security.authentication.AuthenticationProvider) and a Http403ForbiddenEntryPoint into HttpSecurityBuilder.setSharedObject(Class, Object)
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer: Deprecated.
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.PortMapperConfigurer
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer
init(AuthenticationManagerBuilder) - Method in class org.springframework.security.config.annotation.authentication.configuration.GlobalAuthenticationConfigurerAdapter
init(WebSecurity) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter: Deprecated.
initializeAuthenticationProviderBeanManagerConfigurer(ApplicationContext) - Static method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
initializeUserDetailsBeanManagerConfigurer(ApplicationContext) - Static method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
initUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
initUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer: Populates the users that have been added.
initUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsServiceConfigurer: Allows subclasses to initialize the UserDetailsService.
inMemoryAuthentication() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder: Add in memory authentication to the AuthenticationManagerBuilder and return a InMemoryUserDetailsManagerConfigurer to allow customization of the in memory authentication.
InMemoryUserDetailsManagerConfigurer> - Class in org.springframework.security.config.annotation.authentication.configurers.provisioning: Configures an AuthenticationManagerBuilder to have in memory authentication.
InMemoryUserDetailsManagerConfigurer() - Constructor for class org.springframework.security.config.annotation.authentication.configurers.provisioning.InMemoryUserDetailsManagerConfigurer: Creates a new instance
INTERCEPT_MESSAGE - Static variable in class org.springframework.security.config.Elements
INTERCEPT_METHODS - Static variable in class org.springframework.security.config.Elements
INTERCEPT_URL - Static variable in class org.springframework.security.config.Elements
InterceptMethodsBeanDefinitionDecorator - Class in org.springframework.security.config.method
InterceptMethodsBeanDefinitionDecorator() - Constructor for class org.springframework.security.config.method.InterceptMethodsBeanDefinitionDecorator
introspectionClientCredentials(String, String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer
introspectionClientCredentials(String, String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec: Configures the credentials for Introspection endpoint
introspectionUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer
introspectionUri(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec: Configures the URI of the Introspection endpoint
introspector(OpaqueTokenIntrospector) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer
introspector(ReactiveOpaqueTokenIntrospector) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
invalidateHttpSession(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer: Configures SecurityContextLogoutHandler to invalidate the HttpSession at the time of logout.
invalidSessionStrategy(InvalidSessionStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer: Setting this attribute will inject the provided invalidSessionStrategy into the SessionManagementFilter.
invalidSessionUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer: Setting this attribute will inject the SessionManagementFilter with a SimpleRedirectInvalidSessionStrategy configured with the attribute value.
INVOCATION_ATTRIBUTE_FACTORY - Static variable in class org.springframework.security.config.Elements
INVOCATION_HANDLING - Static variable in class org.springframework.security.config.Elements
isConfigured() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder: Determines if the AuthenticationManagerBuilder is configured to build a non null AuthenticationManager.
isCustomLoginPage() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
isSimpDestPathMatcherConfigured() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry: Deprecated.

Determines if the MessageSecurityMetadataSourceRegistry.simpDestPathMatcher(PathMatcher) has been explicitly set.
isSingleton() - Method in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean

J

j2eePreAuthenticatedProcessingFilter(J2eePreAuthenticatedProcessingFilter) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer: Allows specifying the J2eePreAuthenticatedProcessingFilter to use.
JDBC_USER_SERVICE - Static variable in class org.springframework.security.config.Elements
jdbcAuthentication() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder: Add JDBC authentication to the AuthenticationManagerBuilder and return a JdbcUserDetailsManagerConfigurer to allow customization of the JDBC authentication.
JdbcUserDetailsManagerConfigurer> - Class in org.springframework.security.config.annotation.authentication.configurers.provisioning: Configures an AuthenticationManagerBuilder to have JDBC authentication.
JdbcUserDetailsManagerConfigurer() - Constructor for class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
JdbcUserDetailsManagerConfigurer(JdbcUserDetailsManager) - Constructor for class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
JdbcUserServiceBeanDefinitionParser - Class in org.springframework.security.config.authentication
JdbcUserServiceBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.JdbcUserServiceBeanDefinitionParser
jee() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Configures container based pre authentication.
jee(Customizer<JeeConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Configures container based pre authentication.
JEE - Static variable in class org.springframework.security.config.Elements
JeeConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Adds support for J2EE pre authentication.
JeeConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.JeeConfigurer: Creates a new instance
Jsr250AuthorizationMethodInterceptor() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor
jsr250Enabled() - Method in annotation type org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity: Deprecated.

Determines if JSR-250 annotations should be enabled.
jsr250Enabled() - Method in annotation type org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity: Determines if JSR-250 annotations should be enabled.
jwkSetUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer
jwkSetUri(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec: Configures a ReactiveJwtDecoder using JSON Web Key (JWK) URL
jwt() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
jwt() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec: Enables JWT Resource Server support.
jwt(Customizer<RSocketSecurity.JwtSpec>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
jwt(Customizer<OAuth2ResourceServerConfigurer.JwtConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer: Enables Jwt-encoded bearer token support.
jwt(Customizer<ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec: Enables JWT Resource Server support.
JWT - Static variable in class org.springframework.security.config.Elements
JWT_AUTHENTICATION - org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder: Where JWT based authentication is performed.
jwtAuthenticationConverter(Converter<Jwt, ? extends AbstractAuthenticationToken>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer
jwtAuthenticationConverter(Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec: Configures the Converter to use for converting a Jwt into an AbstractAuthenticationToken.
jwtDecoder(ReactiveJwtDecoder) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec: Configures the ReactiveJwtDecoder to use
JwtSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec

K

key(String) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer: Sets the key to identify tokens created for anonymous authentication.
key(String) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer: Sets the key to identify tokens created for remember me authentication.
key(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec: Sets the key to identify tokens created for anonymous authentication.

L

LAST - org.springframework.security.config.web.server.SecurityWebFiltersOrder
LDAP_AUTHORITIES_POPULATOR_CLASS - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
LDAP_PASSWORD_COMPARE - Static variable in class org.springframework.security.config.Elements
LDAP_PROVIDER - Static variable in class org.springframework.security.config.Elements
LDAP_SEARCH_CLASS - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
LDAP_SERVER - Static variable in class org.springframework.security.config.Elements
LDAP_USER_MAPPER_CLASS - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
LDAP_USER_SERVICE - Static variable in class org.springframework.security.config.Elements
ldapAuthentication() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder: Add LDAP authentication to the AuthenticationManagerBuilder and return a LdapAuthenticationProviderConfigurer to allow customization of the LDAP authentication.
LdapAuthenticationProviderConfigurer> - Class in org.springframework.security.config.annotation.authentication.configurers.ldap: Configures LDAP AuthenticationProvider in the ProviderManagerBuilder.
LdapAuthenticationProviderConfigurer() - Constructor for class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
LdapAuthenticationProviderConfigurer.ContextSourceBuilder - Class in org.springframework.security.config.annotation.authentication.configurers.ldap: Allows building a BaseLdapPathContextSource and optionally creating an embedded LDAP instance.
LdapAuthenticationProviderConfigurer.PasswordCompareConfigurer - Class in org.springframework.security.config.annotation.authentication.configurers.ldap: Sets up Password based comparison
ldapAuthoritiesPopulator(LdapAuthoritiesPopulator) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: Specifies the LdapAuthoritiesPopulator.
LdapBindAuthenticationManagerFactory - Class in org.springframework.security.config.ldap: Creates an AuthenticationManager that can perform LDAP authentication using bind authentication.
LdapBindAuthenticationManagerFactory(BaseLdapPathContextSource) - Constructor for class org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory
LdapPasswordComparisonAuthenticationManagerFactory - Class in org.springframework.security.config.ldap: Creates an AuthenticationManager that can perform LDAP authentication using password comparison.
LdapPasswordComparisonAuthenticationManagerFactory(BaseLdapPathContextSource, PasswordEncoder) - Constructor for class org.springframework.security.config.ldap.LdapPasswordComparisonAuthenticationManagerFactory
LdapProviderBeanDefinitionParser - Class in org.springframework.security.config.ldap: Ldap authentication provider namespace configuration.
LdapProviderBeanDefinitionParser() - Constructor for class org.springframework.security.config.ldap.LdapProviderBeanDefinitionParser
LdapServerBeanDefinitionParser - Class in org.springframework.security.config.ldap
LdapServerBeanDefinitionParser() - Constructor for class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser
LdapUserServiceBeanDefinitionParser - Class in org.springframework.security.config.ldap
LdapUserServiceBeanDefinitionParser() - Constructor for class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
ldif(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder: Specifies an ldif to load at startup for an embedded LDAP server.
logger - Variable in class org.springframework.security.config.http.FormLoginBeanDefinitionParser
LOGIN_PAGE_GENERATING - org.springframework.security.config.web.server.SecurityWebFiltersOrder
loginPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Specifies the URL to send users to if login is required.
loginPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer: Specifies the URL to send users to if login is required.
loginPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
loginPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer: Deprecated.

Specifies the URL to send users to if login is required.
loginPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
loginPage(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec: Configures the log in page to redirect to, the authentication failure page, and when authentication is performed.
loginProcessingUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Specifies the URL to validate the credentials.
loginProcessingUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
loginProcessingUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer: Deprecated.

Specifies the URL used to authenticate OpenID requests.
loginProcessingUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer: Specifies the URL to validate the credentials.
logout() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Provides logout support.
logout() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures log out.
logout(Customizer<LogoutConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Provides logout support.
logout(Customizer<ServerHttpSecurity.LogoutSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures log out.
LOGOUT - org.springframework.security.config.web.server.SecurityWebFiltersOrder
LOGOUT - Static variable in class org.springframework.security.config.Elements
LOGOUT_PAGE_GENERATING - org.springframework.security.config.web.server.SecurityWebFiltersOrder
LogoutConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Adds logout support.
LogoutConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer: Creates a new instance
logoutHandler(ServerLogoutHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec: Configures the logout handler.
logoutRequest() - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer: Get configurer for SAML 2.0 Logout Request components
logoutRequest(Customizer<Saml2LogoutConfigurer.LogoutRequestConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer: Configures SAML 2.0 Logout Request components
logoutRequestMatcher(RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer: The RequestMatcher that triggers log out to occur.
logoutRequestRepository(Saml2LogoutRequestRepository) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer: Use this Saml2LogoutRequestRepository for storing logout requests
logoutRequestResolver(Saml2LogoutRequestResolver) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer: Use this Saml2LogoutRequestResolver for producing a logout request to send to the asserting party
logoutRequestValidator(Saml2LogoutRequestValidator) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer: Use this LogoutHandler for processing a logout request from the asserting party
logoutResponse() - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer: Get configurer for SAML 2.0 Logout Response components
logoutResponse(Customizer<Saml2LogoutConfigurer.LogoutResponseConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer: Configures SAML 2.0 Logout Request components
logoutResponseResolver(Saml2LogoutResponseResolver) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutResponseConfigurer: Use this Saml2LogoutRequestResolver for producing a logout response to send to the asserting party
logoutResponseValidator(Saml2LogoutResponseValidator) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutResponseConfigurer: Use this LogoutHandler for processing a logout response from the asserting party
logoutSuccessHandler(LogoutSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer: Sets the LogoutSuccessHandler to use.
logoutSuccessHandler(ServerLogoutSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec
logoutSuccessUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer: The URL to redirect to after logout has occurred.
logoutUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer: The URL that triggers log out to occur (default is "/logout").
logoutUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer: The URL by which the asserting party can send a SAML 2.0 Logout Request
logoutUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutResponseConfigurer: The URL by which the asserting party can send a SAML 2.0 Logout Response
logoutUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer: The URL by which the relying or asserting party can trigger logout.
logoutUrl(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec: Configures what URL a POST to will trigger a log out.

M

managerDn(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder: Username (DN) of the "manager" user identity (i.e.
managerPassword(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder: The password for the manager DN.
mappableAuthorities(String...) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer: Specifies roles to use map from the HttpServletRequest to the UserDetails.
mappableAuthorities(Set<String>) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer: Specifies roles to use map from the HttpServletRequest to the UserDetails.
mappableRoles(String...) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer: Specifies roles to use map from the HttpServletRequest to the UserDetails and automatically prefixes it with "ROLE_".
mapsTo(int) - Method in class org.springframework.security.config.annotation.web.configurers.PortMapperConfigurer.HttpPortMapping: Maps the given HTTP port to the provided HTTPS port and vice versa.
matcher(PayloadExchangeMatcher) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
matchers - Variable in class org.springframework.security.config.annotation.web.builders.HttpSecurity.RequestMatcherConfigurer
matchers(MessageMatcher<?>...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry: Deprecated.

Maps a List of MessageMatcher instances to a security expression.
matchers(ServerWebExchangeMatcher...) - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry: Associates a list of ServerWebExchangeMatcher instances
MatcherType - Enum in org.springframework.security.config.http: Defines the RequestMatcher types supported by the namespace.
maxAge(Duration) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec: Configures the max age.
maxAgeInSeconds(long) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig: Deprecated.

Sets the value (in seconds) for the max-age directive of the Public-Key-Pins header.
maxAgeInSeconds(long) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig: Sets the value (in seconds) for the max-age directive of the Strict-Transport-Security header.
maximumSessions(int) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer: Controls the maximum number of sessions for a user.
maximumSessions(int) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer: Controls the maximum number of sessions for a user.
maxSessionsPreventsLogin(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer: If true, prevents a user from authenticating when the SessionManagementConfigurer.ConcurrencyControlConfigurer.maximumSessions(int) has been reached.
MessageSecurityMetadataSourceRegistry - Class in org.springframework.security.config.annotation.web.messaging: Deprecated.
Use MessageMatcherDelegatingAuthorizationManager instead
MessageSecurityMetadataSourceRegistry() - Constructor for class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry: Deprecated.
MessageSecurityMetadataSourceRegistry.Constraint - Class in org.springframework.security.config.annotation.web.messaging: Deprecated.

Represents the security constraint to be applied to the MessageMatcher instances.
METHOD_ACCESS_MANAGER - Static variable in class org.springframework.security.config.BeanIds
METHOD_SECURITY - Static variable in class org.springframework.security.config.Elements
METHOD_SECURITY_METADATA_SOURCE - Static variable in class org.springframework.security.config.Elements
METHOD_SECURITY_METADATA_SOURCE_ADVISOR - Static variable in class org.springframework.security.config.BeanIds
MethodSecurityBeanDefinitionParser - Class in org.springframework.security.config.method: Processes the top-level "method-security" element.
MethodSecurityBeanDefinitionParser() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser
MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor - Class in org.springframework.security.config.method
MethodSecurityBeanDefinitionParser.MethodSecurityExpressionHandlerBean - Class in org.springframework.security.config.method
MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor - Class in org.springframework.security.config.method
MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor - Class in org.springframework.security.config.method
MethodSecurityExpressionHandlerBean() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.MethodSecurityExpressionHandlerBean
methodSecurityInterceptor(MethodSecurityMetadataSource) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.

Creates the default MethodInterceptor which is a MethodSecurityInterceptor using the following methods to construct it.
methodSecurityMetadataSource() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.

Provides the default MethodSecurityMetadataSource that will be used.
MethodSecurityMetadataSourceBeanDefinitionParser - Class in org.springframework.security.config.method: Deprecated.
Use <intercept-methods>, <method-security>, or @EnableMethodSecurity
MethodSecurityMetadataSourceBeanDefinitionParser() - Constructor for class org.springframework.security.config.method.MethodSecurityMetadataSourceBeanDefinitionParser: Deprecated.
migrateSession() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer: Specifies that a new session should be created and the session attributes from the original HttpSession should be retained.
MISSING_BEAN_ERROR_MESSAGE - Static variable in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean
mode() - Method in annotation type org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity: Deprecated.

Indicate how security advice should be applied.
mode() - Method in annotation type org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity: Indicate how security advice should be applied.
mode() - Method in annotation type org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity: Indicate how security advice should be applied.
mode(XFrameOptionsServerHttpHeadersWriter.Mode) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.FrameOptionsSpec: The mode to configure.
mvc - org.springframework.security.config.http.MatcherType
mvcMatcher(String) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Deprecated.
use HttpSecurity.securityMatcher(String...) instead
mvcMatchers(String...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry: Deprecated.
use AbstractRequestMatcherRegistry.requestMatchers(String...) instead
mvcMatchers(String...) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity.RequestMatcherConfigurer: Deprecated.
use AbstractRequestMatcherRegistry.requestMatchers(String...) instead
mvcMatchers(String...) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity.IgnoredRequestConfigurer: Deprecated.
use AbstractRequestMatcherRegistry.requestMatchers(String...) instead
mvcMatchers(String...) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry: Deprecated.
use AbstractRequestMatcherRegistry.requestMatchers(String...) instead
mvcMatchers(String...) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry: Deprecated.
use AbstractRequestMatcherRegistry.requestMatchers(String...) instead
mvcMatchers(String...) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry: Deprecated.
use AbstractRequestMatcherRegistry.requestMatchers(String...) instead
mvcMatchers(String...) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry: Deprecated.
use AbstractRequestMatcherRegistry.requestMatchers(String...) instead
mvcMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry: Deprecated.
use AbstractRequestMatcherRegistry.requestMatchers(HttpMethod, String...) instead
mvcMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity.RequestMatcherConfigurer: Deprecated.
use AbstractRequestMatcherRegistry.requestMatchers(HttpMethod, String...) instead
mvcMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity.IgnoredRequestConfigurer: Deprecated.
use AbstractRequestMatcherRegistry.requestMatchers(HttpMethod, String...) instead
mvcMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry: Deprecated.
use AbstractRequestMatcherRegistry.requestMatchers(HttpMethod, String...) instead
mvcMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry: Deprecated.
use AbstractRequestMatcherRegistry.requestMatchers(HttpMethod, String...) instead
mvcMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry: Deprecated.
use AbstractRequestMatcherRegistry.requestMatchers(HttpMethod, String...) instead
mvcMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry: Deprecated.
use AbstractRequestMatcherRegistry.requestMatchers(HttpMethod, String...) instead

N

name(String) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer.AttributeExchangeConfigurer.AttributeConfigurer: Deprecated.

The OpenID attribute name.
NEVER - org.springframework.security.config.http.SessionCreationPolicy: Spring Security will never create an HttpSession, but will use the HttpSession if it already exists
newSession() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer: Specifies that a new session should be created, but the session attributes from the original HttpSession should not be retained.
none() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer: Specifies that no session fixation protection should be enabled.
not() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl: Deprecated.

Negates the following expression.
NullAuthenticationProvider() - Constructor for class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider
nullDestMatcher() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry: Deprecated.

Maps any Message that has a null SimpMessageHeaderAccessor destination header (i.e.

O

OAUTH2_AUTHORIZATION_CODE - org.springframework.security.config.web.server.SecurityWebFiltersOrder
OAUTH2_CLIENT - Static variable in class org.springframework.security.config.Elements
OAUTH2_LOGIN - Static variable in class org.springframework.security.config.Elements
OAUTH2_RESOURCE_SERVER - Static variable in class org.springframework.security.config.Elements
oauth2Client() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Configures OAuth 2.0 Client support.
oauth2Client() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures the OAuth2 client.
oauth2Client(Customizer<OAuth2ClientConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Configures OAuth 2.0 Client support.
oauth2Client(Customizer<ServerHttpSecurity.OAuth2ClientSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures the OAuth2 client.
OAuth2ClientConfigurer> - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client: An AbstractHttpConfigurer for OAuth 2.0 Client support.
OAuth2ClientConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client: Configuration options for the OAuth 2.0 Authorization Code Grant.
oauth2Login() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0 Provider.
oauth2Login() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0 Provider.
oauth2Login(Customizer<OAuth2LoginConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0 Provider.
oauth2Login(Customizer<ServerHttpSecurity.OAuth2LoginSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0 Provider.
OAuth2LoginConfigurer> - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client: An AbstractHttpConfigurer for OAuth 2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow.
OAuth2LoginConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
OAuth2LoginConfigurer.AuthorizationEndpointConfig - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client: Configuration options for the Authorization Server's Authorization Endpoint.
OAuth2LoginConfigurer.RedirectionEndpointConfig - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client: Configuration options for the Client's Redirection Endpoint.
OAuth2LoginConfigurer.TokenEndpointConfig - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client: Configuration options for the Authorization Server's Token Endpoint.
OAuth2LoginConfigurer.UserInfoEndpointConfig - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client: Configuration options for the Authorization Server's UserInfo Endpoint.
oauth2ResourceServer() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Configures OAuth 2.0 Resource Server support.
oauth2ResourceServer() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures OAuth 2.0 Resource Server support.
oauth2ResourceServer(Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Configures OAuth 2.0 Resource Server support.
oauth2ResourceServer(Customizer<ServerHttpSecurity.OAuth2ResourceServerSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures OAuth 2.0 Resource Server support.
OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.resource: An AbstractHttpConfigurer for OAuth 2.0 Resource Server Support.
OAuth2ResourceServerConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
OAuth2ResourceServerConfigurer.JwtConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.resource
OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.resource
OAuth2ResourceServerSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
objectPostProcessor(AutowireCapableBeanFactory) - Method in class org.springframework.security.config.annotation.configuration.ObjectPostProcessorConfiguration
objectPostProcessor(ObjectPostProcessor<Object>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Specifies the ObjectPostProcessor to use.
ObjectPostProcessor<T> - Interface in org.springframework.security.config.annotation: Allows initialization of Objects.
ObjectPostProcessorConfiguration - Class in org.springframework.security.config.annotation.configuration: Spring Configuration that exports the default ObjectPostProcessor.
ObjectPostProcessorConfiguration() - Constructor for class org.springframework.security.config.annotation.configuration.ObjectPostProcessorConfiguration
oidcUserService(OAuth2UserService<OidcUserRequest, OidcUser>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig: Sets the OpenID Connect 1.0 service used for obtaining the user attributes of the End-User from the UserInfo Endpoint.
OKTA - org.springframework.security.config.oauth2.client.CommonOAuth2Provider
OPAQUE_TOKEN - Static variable in class org.springframework.security.config.Elements
opaqueToken() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
opaqueToken() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec: Enables Opaque Token Resource Server support.
opaqueToken(Customizer<OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer: Enables opaque bearer token support.
opaqueToken(Customizer<ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec: Enables Opaque Token Resource Server support.
OPENID_ATTRIBUTE - Static variable in class org.springframework.security.config.Elements
OPENID_ATTRIBUTE_EXCHANGE - Static variable in class org.springframework.security.config.Elements
OPENID_LOGIN - Static variable in class org.springframework.security.config.Elements
openidLogin() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Deprecated.
The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by spring-security-oauth2.
openidLogin(Customizer<OpenIDLoginConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Deprecated.
The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by spring-security-oauth2.
OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers.openid: Deprecated.
The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by spring-security-oauth2.
OpenIDLoginConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer: Deprecated.

Creates a new instance
OpenIDLoginConfigurer.AttributeExchangeConfigurer - Class in org.springframework.security.config.annotation.web.configurers.openid: Deprecated.

A class used to add OpenID attributes to look up
OpenIDLoginConfigurer.AttributeExchangeConfigurer.AttributeConfigurer - Class in org.springframework.security.config.annotation.web.configurers.openid: Deprecated.

Configures an OpenIDAttribute
order() - Method in annotation type org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity: Deprecated.

Indicate the ordering of the execution of the security advisor when multiple advices are applied at a specific joinpoint.
order() - Method in annotation type org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity: Indicate the ordering of the execution of the security advisor when multiple advices are applied at a specific joinpoint.
org.springframework.security.config - package org.springframework.security.config: Support classes for the Spring Security namespace.
org.springframework.security.config.annotation - package org.springframework.security.config.annotation
org.springframework.security.config.annotation.authentication - package org.springframework.security.config.annotation.authentication
org.springframework.security.config.annotation.authentication.builders - package org.springframework.security.config.annotation.authentication.builders
org.springframework.security.config.annotation.authentication.configuration - package org.springframework.security.config.annotation.authentication.configuration
org.springframework.security.config.annotation.authentication.configurers.ldap - package org.springframework.security.config.annotation.authentication.configurers.ldap
org.springframework.security.config.annotation.authentication.configurers.provisioning - package org.springframework.security.config.annotation.authentication.configurers.provisioning
org.springframework.security.config.annotation.authentication.configurers.userdetails - package org.springframework.security.config.annotation.authentication.configurers.userdetails
org.springframework.security.config.annotation.configuration - package org.springframework.security.config.annotation.configuration
org.springframework.security.config.annotation.method.configuration - package org.springframework.security.config.annotation.method.configuration
org.springframework.security.config.annotation.rsocket - package org.springframework.security.config.annotation.rsocket
org.springframework.security.config.annotation.web - package org.springframework.security.config.annotation.web
org.springframework.security.config.annotation.web.builders - package org.springframework.security.config.annotation.web.builders
org.springframework.security.config.annotation.web.configuration - package org.springframework.security.config.annotation.web.configuration
org.springframework.security.config.annotation.web.configurers - package org.springframework.security.config.annotation.web.configurers
org.springframework.security.config.annotation.web.configurers.oauth2.client - package org.springframework.security.config.annotation.web.configurers.oauth2.client
org.springframework.security.config.annotation.web.configurers.oauth2.server.resource - package org.springframework.security.config.annotation.web.configurers.oauth2.server.resource
org.springframework.security.config.annotation.web.configurers.openid - package org.springframework.security.config.annotation.web.configurers.openid
org.springframework.security.config.annotation.web.configurers.saml2 - package org.springframework.security.config.annotation.web.configurers.saml2
org.springframework.security.config.annotation.web.messaging - package org.springframework.security.config.annotation.web.messaging
org.springframework.security.config.annotation.web.reactive - package org.springframework.security.config.annotation.web.reactive
org.springframework.security.config.annotation.web.servlet.configuration - package org.springframework.security.config.annotation.web.servlet.configuration
org.springframework.security.config.annotation.web.socket - package org.springframework.security.config.annotation.web.socket
org.springframework.security.config.authentication - package org.springframework.security.config.authentication: Parsing of <authentication-manager> and related elements.
org.springframework.security.config.core - package org.springframework.security.config.core
org.springframework.security.config.core.userdetails - package org.springframework.security.config.core.userdetails
org.springframework.security.config.crypto - package org.springframework.security.config.crypto
org.springframework.security.config.debug - package org.springframework.security.config.debug
org.springframework.security.config.http - package org.springframework.security.config.http: Parsing of the <http> namespace element.
org.springframework.security.config.ldap - package org.springframework.security.config.ldap: Security namespace support for LDAP authentication.
org.springframework.security.config.method - package org.springframework.security.config.method: Support for parsing of the <global-method-security> and <intercept-methods> elements.
org.springframework.security.config.oauth2.client - package org.springframework.security.config.oauth2.client
org.springframework.security.config.provisioning - package org.springframework.security.config.provisioning
org.springframework.security.config.saml2 - package org.springframework.security.config.saml2
org.springframework.security.config.web.server - package org.springframework.security.config.web.server
org.springframework.security.config.websocket - package org.springframework.security.config.websocket

P

parentAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder: Allows providing a parent AuthenticationManager that will be tried if this AuthenticationManager was unable to attempt to authenticate the provided Authentication.
parse(Element, ParserContext) - Method in class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.authentication.AuthenticationProviderBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.DebugBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.http.CorsBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.http.CsrfBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.http.FilterChainBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.http.FilterInvocationSecurityMetadataSourceParser: Deprecated.
parse(Element, ParserContext) - Method in class org.springframework.security.config.http.FormLoginBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.http.HeadersBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.http.HttpFirewallBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser: The aim of this method is to build the list of filters which have been defined by the namespace elements and attributes within the <http> configuration, along with any custom-filter's linked to user-defined filter beans.
parse(Element, ParserContext) - Method in class org.springframework.security.config.http.WellKnownChangePasswordBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.ldap.LdapProviderBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser: Deprecated.
parse(Element, ParserContext) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.oauth2.client.ClientRegistrationsBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.saml2.RelyingPartyRegistrationsBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.SecurityNamespaceHandler
parse(Element, ParserContext) - Method in class org.springframework.security.config.websocket.WebSocketMessageBrokerSecurityBeanDefinitionParser
parseInternal(Element, ParserContext) - Method in class org.springframework.security.config.method.MethodSecurityMetadataSourceBeanDefinitionParser: Deprecated.
password(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder: Populates the password.
PASSWORD_ENCODER - Static variable in class org.springframework.security.config.Elements
PASSWORD_MANAGEMENT - Static variable in class org.springframework.security.config.Elements
passwordAttribute(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.PasswordCompareConfigurer: The attribute in the directory which contains the user password.
passwordCompare() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
passwordEncoder(PasswordEncoder) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.PasswordCompareConfigurer: Allows specifying the PasswordEncoder to use.
passwordEncoder(PasswordEncoder) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: Specifies the PasswordEncoder to be used when authenticating with password comparison.
passwordEncoder(PasswordEncoder) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer: Allows specifying the PasswordEncoder to use with the DaoAuthenticationProvider.
PasswordEncoderParser - Class in org.springframework.security.config.authentication: Stateful parser for the <password-encoder> element.
PasswordEncoderParser(Element, ParserContext) - Constructor for class org.springframework.security.config.authentication.PasswordEncoderParser
passwordManagement() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures password management.
passwordManagement(Customizer<PasswordManagementConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Adds support for the password management.
passwordManagement(Customizer<ServerHttpSecurity.PasswordManagementSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures password management.
PasswordManagementConfigurer> - Class in org.springframework.security.config.annotation.web.configurers: Adds password management support.
PasswordManagementConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.PasswordManagementConfigurer
passwordParameter(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer: The HTTP parameter to look for the password when performing authentication.
pathMatchers(String...) - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry: Maps a List of PathPatternParserServerWebExchangeMatcher instances that do not care which HttpMethod is used.
pathMatchers(HttpMethod) - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry: Maps a List of PathPatternParserServerWebExchangeMatcher instances.
pathMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry: Maps a List of PathPatternParserServerWebExchangeMatcher instances.
PayloadInterceptorOrder - Enum in org.springframework.security.config.annotation.rsocket: The standard order for PayloadInterceptor to be sorted.
performBuild() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Subclasses must implement this method to build the object that is being returned.
performBuild() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
performBuild() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
performBuild() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
permissionsPolicy() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Allows configuration for Permissions Policy.
permissionsPolicy() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures Permissions-Policy response header.
permissionsPolicy(Customizer<HeadersConfigurer.PermissionsPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Allows configuration for Permissions Policy.
permissionsPolicy(Customizer<ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures Permissions-Policy response header.
permitAll() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
permitAll() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Equivalent of invoking permitAll(true)
permitAll() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl: Specify that URLs are allowed by anyone.
permitAll() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl: Deprecated.

Specify that URLs are allowed by anyone.
permitAll() - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer: A shortcut for LogoutConfigurer.permitAll(boolean) with true as an argument.
permitAll() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint: Deprecated.

Specify that Messages are allowed by anyone.
permitAll() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access: Allow access for anyone
permitAll(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Ensures the urls for AbstractAuthenticationFilterConfigurer.failureUrl(String) as well as for the HttpSecurityBuilder, the AbstractAuthenticationFilterConfigurer.getLoginPage() and AbstractAuthenticationFilterConfigurer.getLoginProcessingUrl() are granted access to any user.
permitAll(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer: Grants access to the LogoutConfigurer.logoutSuccessUrl(String) and the LogoutConfigurer.logoutUrl(String) for every user.
PERSON_MAPPER_CLASS - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
policy(String) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.PermissionsPolicyConfig: Sets the policy to be used in the response header.
policy(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec: Sets the policy to be used in the response header.
policy(CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginEmbedderPolicyConfig: Sets the policy to be used in the Cross-Origin-Embedder-Policy header
policy(CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginOpenerPolicyConfig: Sets the policy to be used in the Cross-Origin-Opener-Policy header
policy(CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginResourcePolicyConfig: Sets the policy to be used in the Cross-Origin-Resource-Policy header
policy(ReferrerPolicyHeaderWriter.ReferrerPolicy) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ReferrerPolicyConfig: Sets the policy to be used in the response header.
policy(CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec: Sets the value to be used in the `Cross-Origin-Embedder-Policy` header
policy(CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec: Sets the value to be used in the `Cross-Origin-Opener-Policy` header
policy(CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec: Sets the value to be used in the `Cross-Origin-Resource-Policy` header
policy(ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec: Sets the policy to be used in the response header.
policyDirectives(String) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentSecurityPolicyConfig: Sets the security policy directive(s) to be used in the response header.
policyDirectives(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec: Sets the security policy directive(s) to be used in the response header.
port(int) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder: The port to connect to LDAP to (the default is 33389 or random available port if unavailable).
PORT_MAPPING - Static variable in class org.springframework.security.config.Elements
PORT_MAPPINGS - Static variable in class org.springframework.security.config.Elements
portMapper() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Allows configuring a PortMapper that is available from AbstractConfiguredSecurityBuilder.getSharedObject(Class).
portMapper(Customizer<PortMapperConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Allows configuring a PortMapper that is available from AbstractConfiguredSecurityBuilder.getSharedObject(Class).
portMapper(PortMapper) - Method in class org.springframework.security.config.annotation.web.configurers.PortMapperConfigurer: Allows specifying the PortMapper instance.
portMapper(PortMapper) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec: Configures a custom HTTPS port to redirect to
PortMapperConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Allows configuring a shared PortMapper instance used to determine the ports when redirecting between HTTP and HTTPS.
PortMapperConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.PortMapperConfigurer: Creates a new instance
PortMapperConfigurer.HttpPortMapping - Class in org.springframework.security.config.annotation.web.configurers: Allows specifying the HTTPS port for a given HTTP port when redirecting between HTTP and HTTPS.
POST_INVOCATION_ADVICE - Static variable in class org.springframework.security.config.Elements
PostAuthorizeAuthorizationMethodInterceptor() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor
postBuildAction(Runnable) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity: Executes the Runnable immediately after the build takes place
postProcess(O) - Method in interface org.springframework.security.config.annotation.ObjectPostProcessor: Initialize the object possibly returning a modified instance that should be used instead.
postProcess(P) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Performs post processing of an object.
postProcess(T) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter: Performs post processing of an object.
postProcessBeanDefinitionRegistry(BeanDefinitionRegistry) - Method in class org.springframework.security.config.debug.SecurityDebugBeanFactoryPostProcessor
postProcessBeanFactory(ConfigurableListableBeanFactory) - Method in class org.springframework.security.config.crypto.RsaKeyConversionServicePostProcessor
postProcessBeanFactory(ConfigurableListableBeanFactory) - Method in class org.springframework.security.config.debug.SecurityDebugBeanFactoryPostProcessor
postProcessBeanFactory(ConfigurableListableBeanFactory) - Method in class org.springframework.security.config.ldap.ContextSourceSettingPostProcessor
PRE_INVOCATION_ADVICE - Static variable in class org.springframework.security.config.Elements
PreAuthorizeAuthorizationMethodInterceptor() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor
preInvocationAuthorizationAdvice() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.

Creates the PreInvocationAuthorizationAdvice to be used.
preload(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig: If true, preload will be included in HSTS Header.
preload(boolean) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec: Configures if preload should be included.
prePostEnabled() - Method in annotation type org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity: Deprecated.

Determines if Spring Security's pre post annotations should be enabled.
prePostEnabled() - Method in annotation type org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity: Determines if Spring Security's PreAuthorize, PostAuthorize, PreFilter, and PostFilter annotations should be enabled.
principal(Object) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer: Sets the principal for Authentication objects of anonymous users
principal(Object) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec: Sets the principal for Authentication objects of anonymous users
principalExtractor(X509PrincipalExtractor) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec
privilegeEvaluator() - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration: Creates the WebInvocationPrivilegeEvaluator that is necessary to evaluate privileges for a given web URI
privilegeEvaluator(WebInvocationPrivilegeEvaluator) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity: Set the WebInvocationPrivilegeEvaluator to be used.
PROTECT - Static variable in class org.springframework.security.config.Elements
PROTECT_POINTCUT - Static variable in class org.springframework.security.config.Elements
ProviderManagerBuilder> - Interface in org.springframework.security.config.annotation.authentication: Interface for operating on a SecurityBuilder that creates a ProviderManager
proxyTargetClass() - Method in annotation type org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity: Deprecated.

Indicate whether subclass-based (CGLIB) proxies are to be created (true) as opposed to standard Java interface-based proxies (false).
proxyTargetClass() - Method in annotation type org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity: Indicate whether subclass-based (CGLIB) proxies are to be created as opposed to standard Java interface-based proxies.
proxyTargetClass() - Method in annotation type org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity: Indicate whether subclass-based (CGLIB) proxies are to be created as opposed to standard Java interface-based proxies.
publicKey(RSAPublicKey) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec: Configures a ReactiveJwtDecoder that leverages the provided RSAPublicKey

R

ReactiveUserDetailsServiceResourceFactoryBean - Class in org.springframework.security.config.core.userdetails: Constructs an MapReactiveUserDetailsService from a resource using UserDetailsResourceFactoryBean.
ReactiveUserDetailsServiceResourceFactoryBean() - Constructor for class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean
REACTOR_CONTEXT - org.springframework.security.config.web.server.SecurityWebFiltersOrder: ReactorContextWebFilter
realmName(String) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer: Allows easily changing the realm, but leaving the remaining defaults in place.
redirectionEndpoint() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer: Returns the OAuth2LoginConfigurer.RedirectionEndpointConfig for configuring the Client's Redirection Endpoint.
redirectionEndpoint(Customizer<OAuth2LoginConfigurer.RedirectionEndpointConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer: Configures the Client's Redirection Endpoint.
redirectStrategy(RedirectStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry: Sets the RedirectStrategy instances to use in RetryWithHttpEntryPoint and RetryWithHttpsEntryPoint
redirectToHttps() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures HTTPS redirection rules.
redirectToHttps(Customizer<ServerHttpSecurity.HttpsRedirectSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures HTTPS redirection rules.
referrerPolicy() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Allows configuration for Referrer Policy.
referrerPolicy() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures Referrer-Policy response header.
referrerPolicy(Customizer<HeadersConfigurer.ReferrerPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Allows configuration for Referrer Policy.
referrerPolicy(Customizer<ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures Referrer-Policy response header.
referrerPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer: Allows configuration for Referrer Policy.
referrerPolicy(ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec: Configures Referrer-Policy response header.
regex - org.springframework.security.config.http.MatcherType
regexMatcher(String) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Deprecated.
use HttpSecurity.securityMatcher(RequestMatcher) with a RegexRequestMatcher instead
regexMatchers(String...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry: Deprecated.
use AbstractRequestMatcherRegistry.requestMatchers(RequestMatcher...) with a RegexRequestMatcher instead
regexMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry: Deprecated.
use AbstractRequestMatcherRegistry.requestMatchers(RequestMatcher...) with a RegexRequestMatcher instead
registerAuthenticationEntryPoint(B, AuthenticationEntryPoint) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
registerDefaultAuthenticationEntryPoint(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
registerMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry: Subclasses should implement this method for returning the object that is chained to the creation of the ServerWebExchangeMatcher instances.
registerMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
registerStompEndpoints(StompEndpointRegistry) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer: Deprecated.
RELYING_PARTY_REGISTRATIONS - Static variable in class org.springframework.security.config.Elements
relyingPartyRegistrationRepository(RelyingPartyRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer: Sets the RelyingPartyRegistrationRepository of relying parties, each party representing a service provider, SP and this host, and identity provider, IDP pair that communicate with each other.
relyingPartyRegistrationRepository(RelyingPartyRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer: Sets the RelyingPartyRegistrationRepository of relying parties, each party representing a service provider, SP and this host, and identity provider, IDP pair that communicate with each other.
RelyingPartyRegistrationsBeanDefinitionParser - Class in org.springframework.security.config.saml2
RelyingPartyRegistrationsBeanDefinitionParser() - Constructor for class org.springframework.security.config.saml2.RelyingPartyRegistrationsBeanDefinitionParser
REMEMBER_ME - Static variable in class org.springframework.security.config.Elements
rememberMe() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Allows configuring of Remember Me authentication.
rememberMe() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl: Specify that URLs are allowed by users that have been remembered.
rememberMe() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl: Deprecated.

Specify that URLs are allowed by users that have been remembered.
rememberMe() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint: Deprecated.

Specify that Messages are allowed by users that have been remembered.
rememberMe(Customizer<RememberMeConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Allows configuring of Remember Me authentication.
RememberMeConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Configures Remember Me authentication.
RememberMeConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer: Creates a new instance
rememberMeCookieDomain(String) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer: The domain name within which the remember me cookie is visible.
rememberMeCookieName(String) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer: The name of cookie which store the token for remember me authentication.
rememberMeParameter(String) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer: The HTTP parameter used to indicate to remember the user at time of login.
rememberMeServices(RememberMeServices) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer: Specify the RememberMeServices to use.
removeConfigurer(Class<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Removes and returns the SecurityConfigurer by its class name or null if not found.
removeConfigurer(Class<C>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder: Removes the SecurityConfigurer by its class name or null if not found.
removeConfigurers(Class<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Removes all the SecurityConfigurer instances by its class name or an empty List if not found.
reportOnly() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentSecurityPolicyConfig: Enables (includes) the Content-Security-Policy-Report-Only header in the response.
reportOnly(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig: Deprecated.

If true, the browser should not terminate the connection with the server.
reportOnly(boolean) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec: Whether to include the Content-Security-Policy-Report-Only header in the response.
reportUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig: Deprecated.

Sets the URI to which the browser should report pin validation failures.
reportUri(URI) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig: Deprecated.

Sets the URI to which the browser should report pin validation failures.
REQUEST_CACHE - Static variable in class org.springframework.security.config.Elements
requestCache() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Allows configuring the Request Cache.
requestCache() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures the request cache which is used when a flow is interrupted (i.e.
requestCache(Customizer<RequestCacheConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Allows configuring the Request Cache.
requestCache(Customizer<ServerHttpSecurity.RequestCacheSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: Configures the request cache which is used when a flow is interrupted (i.e.
requestCache(RequestCache) - Method in class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer: Allows explicit configuration of the RequestCache to be used.
requestCache(ServerRequestCache) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.RequestCacheSpec: Configures the cache used
RequestCacheConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Adds request cache for Spring Security.
RequestCacheConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer
requestDataValueProcessor() - Method in class org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration: Deprecated.
requestMatcher(RequestMatcher) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Deprecated.
use HttpSecurity.securityMatcher(RequestMatcher) instead
requestMatcher(RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig: Sets the RequestMatcher used to determine if the "Strict-Transport-Security" should be added.
requestMatchers - Variable in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.RequiresChannelUrl
requestMatchers() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Deprecated.
use HttpSecurity.securityMatchers() instead
requestMatchers(String...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry: If the HandlerMappingIntrospector is available in the classpath, maps to an MvcRequestMatcher that does not care which HttpMethod is used.
requestMatchers(HttpMethod) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry: If the HandlerMappingIntrospector is available in the classpath, maps to an MvcRequestMatcher that matches on a specific HttpMethod.
requestMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry: If the HandlerMappingIntrospector is available in the classpath, maps to an MvcRequestMatcher that also specifies a specific HttpMethod to match on.
requestMatchers(Customizer<HttpSecurity.RequestMatcherConfigurer>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Deprecated.
use HttpSecurity.securityMatchers(Customizer) instead
requestMatchers(RequestMatcher...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry: Associates a list of RequestMatcher instances with the AbstractConfigAttributeRequestMatcherRegistry
requestRejectedHandler(RequestRejectedHandler) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity: Sets the handler to handle RequestRejectedException
requireCsrfProtectionMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec: Configures the ServerWebExchangeMatcher used to determine when CSRF protection is enabled.
requireCsrfProtectionMatcher(RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer: Specify the RequestMatcher to use for determining when CSRF should be applied.
required(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer.AttributeExchangeConfigurer.AttributeConfigurer: Deprecated.

Specifies that this attribute is required.
requireExplicitAuthenticationStrategy(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer: Setting this means that explicit invocation of SessionAuthenticationStrategy is required.
requireExplicitSave(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.SecurityContextConfigurer
requires(String) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.RequiresChannelUrl
requiresAuthenticationMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec: Configures when authentication is performed.
requiresChannel() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Configures channel security.
requiresChannel(Customizer<ChannelSecurityConfigurer.ChannelRequestMatcherRegistry>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Configures channel security.
requiresInsecure() - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.RequiresChannelUrl
requiresLogout(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec: Configures when the log out will be triggered.
requiresSecure() - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.RequiresChannelUrl
rolePrefix(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: A non-empty string prefix that will be added as a prefix to the existing roles.
rolePrefix(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer: A non-empty string prefix that will be added to role strings loaded from persistent storage (default is "").
rolePrefix(String) - Method in class org.springframework.security.config.annotation.web.configurers.ServletApiConfigurer
roles(String...) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder: Populates the roles.
root(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder: Optional root suffix for the embedded LDAP server.
route(String) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
RsaKeyConversionServicePostProcessor - Class in org.springframework.security.config.crypto: Adds RsaKeyConverters to the configured ConversionService or PropertyEditors
RsaKeyConversionServicePostProcessor() - Constructor for class org.springframework.security.config.crypto.RsaKeyConversionServicePostProcessor
RSocketSecurity - Class in org.springframework.security.config.annotation.rsocket: Allows configuring RSocket based security.
RSocketSecurity() - Constructor for class org.springframework.security.config.annotation.rsocket.RSocketSecurity
RSocketSecurity.AuthorizePayloadsSpec - Class in org.springframework.security.config.annotation.rsocket
RSocketSecurity.AuthorizePayloadsSpec.Access - Class in org.springframework.security.config.annotation.rsocket
RSocketSecurity.BasicAuthenticationSpec - Class in org.springframework.security.config.annotation.rsocket
RSocketSecurity.JwtSpec - Class in org.springframework.security.config.annotation.rsocket
RSocketSecurity.SimpleAuthenticationSpec - Class in org.springframework.security.config.annotation.rsocket
runAsManager() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.

Provide a custom RunAsManager for the default implementation of GlobalMethodSecurityConfiguration.methodSecurityInterceptor(MethodSecurityMetadataSource).

S

sameOrigin() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig: Specify to allow any request that comes from the same origin to frame this application.
sameOriginDisabled() - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer: Deprecated.

Determines if a CSRF token is required for connecting.
SAML2_LOGIN - Static variable in class org.springframework.security.config.Elements
SAML2_LOGOUT - Static variable in class org.springframework.security.config.Elements
saml2Login() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Configures authentication support using an SAML 2.0 Service Provider.
saml2Login(Customizer<Saml2LoginConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Configures authentication support using an SAML 2.0 Service Provider.
Saml2LoginConfigurer> - Class in org.springframework.security.config.annotation.web.configurers.saml2: An AbstractHttpConfigurer for SAML 2.0 Login, which leverages the SAML 2.0 Web Browser Single Sign On (WebSSO) Flow.
Saml2LoginConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
saml2Logout() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Configures logout support for an SAML 2.0 Relying Party.
saml2Logout(Customizer<Saml2LogoutConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Configures logout support for an SAML 2.0 Relying Party.
Saml2LogoutConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers.saml2: Adds SAML 2.0 logout support.
Saml2LogoutConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer: Creates a new instance
Saml2LogoutConfigurer.LogoutRequestConfigurer - Class in org.springframework.security.config.annotation.web.configurers.saml2: A configurer for SAML 2.0 LogoutRequest components
Saml2LogoutConfigurer.LogoutResponseConfigurer - Class in org.springframework.security.config.annotation.web.configurers.saml2
securedEnabled() - Method in annotation type org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity: Deprecated.

Determines if Spring Security's Secured annotations should be enabled.
securedEnabled() - Method in annotation type org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity: Determines if Spring Security's Secured annotation should be enabled.
SECURITY_CONTEXT_SERVER_WEB_EXCHANGE - org.springframework.security.config.web.server.SecurityWebFiltersOrder: SecurityContextServerWebExchangeWebFilter
SecurityBuilder<O> - Interface in org.springframework.security.config.annotation: Interface for building an Object
SecurityConfigurer<O,B extends SecurityBuilder<O>> - Interface in org.springframework.security.config.annotation: Allows for configuring a SecurityBuilder.
SecurityConfigurerAdapter<O,B extends SecurityBuilder<O>> - Class in org.springframework.security.config.annotation: A base class for SecurityConfigurer that allows subclasses to only implement the methods they are interested in.
SecurityConfigurerAdapter() - Constructor for class org.springframework.security.config.annotation.SecurityConfigurerAdapter
securityContext() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Sets up management of the SecurityContext on the SecurityContextHolder between HttpServletRequest's.
securityContext(Customizer<SecurityContextConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Sets up management of the SecurityContext on the SecurityContextHolder between HttpServletRequest's.
securityContextChannelInterceptor() - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer: Deprecated.
SecurityContextConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Allows persisting and restoring of the SecurityContext found on the SecurityContextHolder for each request by configuring the SecurityContextPersistenceFilter.
SecurityContextConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.SecurityContextConfigurer: Creates a new instance
securityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
securityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.config.annotation.web.configurers.SecurityContextConfigurer: Specifies the shared SecurityContextRepository that is to be used
securityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec: The ServerSecurityContextRepository used to save the Authentication.
securityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec: The ServerSecurityContextRepository used to save the Authentication.
securityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec: The ServerSecurityContextRepository used to save the Authentication.
securityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: The strategy used with ReactorContextWebFilter.
SecurityDebugBeanFactoryPostProcessor - Class in org.springframework.security.config.debug
SecurityDebugBeanFactoryPostProcessor() - Constructor for class org.springframework.security.config.debug.SecurityDebugBeanFactoryPostProcessor
securityInterceptor(FilterSecurityInterceptor) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity: Deprecated.
Use WebSecurity.privilegeEvaluator(WebInvocationPrivilegeEvaluator) instead
securityMatcher(String...) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Allows configuring the HttpSecurity to only be invoked when matching the provided pattern.
securityMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity: The ServerExchangeMatcher that determines which requests apply to this HttpSecurity instance.
securityMatcher(RequestMatcher) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Allows configuring the HttpSecurity to only be invoked when matching the provided RequestMatcher.
securityMatchers() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Allows specifying which HttpServletRequest instances this HttpSecurity will be invoked on.
securityMatchers(Customizer<HttpSecurity.RequestMatcherConfigurer>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Allows specifying which HttpServletRequest instances this HttpSecurity will be invoked on.
SecurityNamespaceHandler - Class in org.springframework.security.config: Parses elements from the "security" namespace (http://www.springframework.org/schema/security).
SecurityNamespaceHandler() - Constructor for class org.springframework.security.config.SecurityNamespaceHandler
SecurityWebFiltersOrder - Enum in org.springframework.security.config.web.server
SERVER_REQUEST_CACHE - org.springframework.security.config.web.server.SecurityWebFiltersOrder: ServerRequestCacheWebFilter
ServerHttpSecurity - Class in org.springframework.security.config.web.server: A ServerHttpSecurity is similar to Spring Security's HttpSecurity but for WebFlux.
ServerHttpSecurity() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity
ServerHttpSecurity.AnonymousSpec - Class in org.springframework.security.config.web.server: Configures anonymous authentication
ServerHttpSecurity.AuthorizeExchangeSpec - Class in org.springframework.security.config.web.server: Configures authorization
ServerHttpSecurity.AuthorizeExchangeSpec.Access - Class in org.springframework.security.config.web.server: Configures the access for a particular set of exchanges.
ServerHttpSecurity.CorsSpec - Class in org.springframework.security.config.web.server: Configures CORS support within Spring Security.
ServerHttpSecurity.CsrfSpec - Class in org.springframework.security.config.web.server: Configures CSRF Protection
ServerHttpSecurity.ExceptionHandlingSpec - Class in org.springframework.security.config.web.server: Configures exception handling
ServerHttpSecurity.FormLoginSpec - Class in org.springframework.security.config.web.server: Configures Form Based authentication
ServerHttpSecurity.HeaderSpec - Class in org.springframework.security.config.web.server: Configures HTTP Response Headers.
ServerHttpSecurity.HeaderSpec.CacheSpec - Class in org.springframework.security.config.web.server: Configures cache control headers
ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec - Class in org.springframework.security.config.web.server: Configures Content-Security-Policy response header.
ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec - Class in org.springframework.security.config.web.server: The content type headers
ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec - Class in org.springframework.security.config.web.server: Configures the Cross-Origin-Embedder-Policy header
ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec - Class in org.springframework.security.config.web.server: Configures the Cross-Origin-Opener-Policy header
ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec - Class in org.springframework.security.config.web.server: Configures the Cross-Origin-Resource-Policy header
ServerHttpSecurity.HeaderSpec.FeaturePolicySpec - Class in org.springframework.security.config.web.server: Configures Feature-Policy response header.
ServerHttpSecurity.HeaderSpec.FrameOptionsSpec - Class in org.springframework.security.config.web.server: Configures frame options response header
ServerHttpSecurity.HeaderSpec.HstsSpec - Class in org.springframework.security.config.web.server: Configures Strict Transport Security response header
ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec - Class in org.springframework.security.config.web.server: Configures Permissions-Policy response header.
ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec - Class in org.springframework.security.config.web.server: Configures Referrer-Policy response header.
ServerHttpSecurity.HeaderSpec.XssProtectionSpec - Class in org.springframework.security.config.web.server: Configures x-xss-protection response header
ServerHttpSecurity.HttpBasicSpec - Class in org.springframework.security.config.web.server: Configures HTTP Basic Authentication
ServerHttpSecurity.HttpsRedirectSpec - Class in org.springframework.security.config.web.server: Configures HTTPS redirection rules
ServerHttpSecurity.LogoutSpec - Class in org.springframework.security.config.web.server: Configures log out
ServerHttpSecurity.OAuth2ClientSpec - Class in org.springframework.security.config.web.server
ServerHttpSecurity.OAuth2LoginSpec - Class in org.springframework.security.config.web.server
ServerHttpSecurity.OAuth2ResourceServerSpec - Class in org.springframework.security.config.web.server: Configures OAuth2 Resource Server Support
ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec - Class in org.springframework.security.config.web.server: Configures JWT Resource Server Support
ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec - Class in org.springframework.security.config.web.server: Configures Opaque Token Resource Server support
ServerHttpSecurity.PasswordManagementSpec - Class in org.springframework.security.config.web.server: Configures password management.
ServerHttpSecurity.RequestCacheSpec - Class in org.springframework.security.config.web.server: Configures the request cache which is used when a flow is interrupted (i.e.
ServerHttpSecurity.X509Spec - Class in org.springframework.security.config.web.server: Configures X509 authentication
servletApi() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Integrates the HttpServletRequest methods with the values found on the SecurityContext.
servletApi(Customizer<ServletApiConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Integrates the HttpServletRequest methods with the values found on the SecurityContext.
ServletApiConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Implements select methods from the HttpServletRequest using the SecurityContext from the SecurityContextHolder.
ServletApiConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.ServletApiConfigurer: Creates a new instance
servletPath(String) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity.MvcMatchersRequestMatcherConfigurer
servletPath(String) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity.MvcMatchersIgnoredRequestConfigurer: Deprecated.
servletPath(String) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.MvcMatchersAuthorizedUrl: Deprecated.

Configures servletPath to MvcRequestMatchers.
servletPath(String) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.MvcMatchersRequiresChannelUrl
servletPath(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.MvcMatchersAuthorizedUrl: Deprecated.
servletPath(String) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.MvcMatchersAuthorizedUrl: Deprecated.
SESSION_MANAGEMENT - Static variable in class org.springframework.security.config.Elements
sessionAuthenticationErrorUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer: Defines the URL of the error page which should be shown when the SessionAuthenticationStrategy raises an exception.
sessionAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer: Defines the AuthenticationFailureHandler which will be used when the SessionAuthenticationStrategy raises an exception.
sessionAuthenticationStrategy(SessionAuthenticationStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer: Specify the SessionAuthenticationStrategy to use.
sessionAuthenticationStrategy(SessionAuthenticationStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer: Allows explicitly specifying the SessionAuthenticationStrategy.
sessionConcurrency(Customizer<SessionManagementConfigurer.ConcurrencyControlConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer: Controls the maximum number of sessions for a user.
sessionCreationPolicy(SessionCreationPolicy) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer: Allows specifying the SessionCreationPolicy
SessionCreationPolicy - Enum in org.springframework.security.config.http: Specifies the various session creation policies for Spring Security.
sessionFixation() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer: Allows changing the default SessionFixationProtectionStrategy.
sessionFixation(Customizer<SessionManagementConfigurer.SessionFixationConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer: Allows configuring session fixation protection.
SessionFixationConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer
sessionManagement() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Allows configuring of Session Management.
sessionManagement(Customizer<SessionManagementConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity: Allows configuring of Session Management.
SessionManagementConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Allows configuring session management.
SessionManagementConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer: Creates a new instance
SessionManagementConfigurer.ConcurrencyControlConfigurer - Class in org.springframework.security.config.annotation.web.configurers: Allows configuring controlling of multiple sessions.
SessionManagementConfigurer.SessionFixationConfigurer - Class in org.springframework.security.config.annotation.web.configurers: Allows configuring SessionFixation protection
sessionRegistry(SessionRegistry) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer: Controls the SessionRegistry implementation used.
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter: Deprecated.
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer: Deprecated.
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.http.UserDetailsServiceFactoryBean
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.MethodSecurityExpressionHandlerBean
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
setAuthenticationConfiguration(AuthenticationConfiguration) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter: Deprecated.
setAuthenticationFilter(F) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Sets the Authentication Filter
setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory: Sets the GrantedAuthoritiesMapper used for converting the authorities loaded from storage to a new set of authorities which will be associated to the UsernamePasswordAuthenticationToken.
setBeanClassLoader(ClassLoader) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
setBeanFactory(BeanFactory) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.
setBeanFactory(BeanFactory) - Method in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean
setBuilder(B) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter: Sets the SecurityBuilder to be used.
setContentNegotationStrategy(ContentNegotiationStrategy) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter: Deprecated.
setContextSource(BaseLdapPathContextSource) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory: Sets the BaseLdapPathContextSource used to perform LDAP authentication.
setDefaultNameRequired(boolean) - Method in class org.springframework.security.config.ldap.ContextSourceSettingPostProcessor
setExpressionHandler(MethodSecurityExpressionHandler) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor
setExpressionHandler(MethodSecurityExpressionHandler) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor
setFilterChainProxySecurityConfigurer(ObjectPostProcessor<Object>, ConfigurableListableBeanFactory) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration: Sets the <SecurityConfigurer<FilterChainProxy, WebSecurityBuilder> instances used to create the web configuration.
setGlobalAuthenticationConfigurers(List<GlobalAuthenticationConfigurerAdapter>) - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
setImportMetadata(AnnotationMetadata) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.

Obtains the attributes from EnableGlobalMethodSecurity if this class was imported using the EnableGlobalMethodSecurity annotation.
setImportMetadata(AnnotationMetadata) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
setLdapAuthoritiesPopulator(LdapAuthoritiesPopulator) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory: Sets the LdapAuthoritiesPopulator used to obtain a list of granted authorities for an LDAP user.
setLdif(String) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean: Specifies an LDIF to load at startup for an embedded LDAP server.
setManagerDn(String) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean: Username (DN) of the "manager" user identity (i.e.
setManagerPassword(String) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean: The password for the manager DN.
setMessageExpessionHandler(List<SecurityExpressionHandler<Message<Object>>>) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer: Deprecated.
setMessageExpressionHandler(List<SecurityExpressionHandler<Message<Object>>>) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer: Deprecated.
setMethodSecurityExpressionHandler(List<MethodSecurityExpressionHandler>) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.
setObjectPostProcessor(ObjectPostProcessor<Object>) - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
setObjectPostProcessor(ObjectPostProcessor<Object>) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration: Deprecated.
setObjectPostProcessor(ObjectPostProcessor<Object>) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter: Deprecated.
setObjectPostProcessor(ObjectPostProcessor<Object>) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer: Deprecated.
setPasswordAttribute(String) - Method in class org.springframework.security.config.ldap.LdapPasswordComparisonAuthenticationManagerFactory: The attribute in the directory which contains the user password.
setPasswordEncoder(PasswordEncoder) - Method in class org.springframework.security.config.ldap.LdapPasswordComparisonAuthenticationManagerFactory: Specifies the PasswordEncoder to be used when authenticating with password comparison.
setPort(int) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean: The port to connect to LDAP to (the default is 33389 or random available port if unavailable).
setResource(Resource) - Method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean: Sets a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
setResource(Resource) - Method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean: Sets a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
setResource(Resource) - Method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean: Sets a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
setResourceLoader(ResourceLoader) - Method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean
setResourceLoader(ResourceLoader) - Method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean
setResourceLoader(ResourceLoader) - Method in class org.springframework.security.config.crypto.RsaKeyConversionServicePostProcessor
setResourceLoader(ResourceLoader) - Method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean
setResourceLocation(String) - Method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean: Sets the location of a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
setResourceLocation(String) - Method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean: Sets the location of a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
setResourceLocation(String) - Method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean: Sets the location of a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
setRoot(String) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean: Optional root suffix for the embedded LDAP server.
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor
setServletContext(ServletContext) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
setSharedObject(Class<C>, C) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder: Sets an object that is shared by multiple SecurityConfigurer.
setSharedObject(Class<C>, C) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
setSharedObject(Class<C>, C) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder: Sets an object that is shared by multiple SecurityConfigurer.
setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter: Deprecated.
setup() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
setUserDetailsContextMapper(UserDetailsContextMapper) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory: Sets a custom strategy to be used for creating the UserDetails which will be stored as the principal in the Authentication.
setUserDnPatterns(String...) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory: If your users are at a fixed location in the directory (i.e.
setUserSearchBase(String) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory: Search base for user searches.
setUserSearchFilter(String) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory: The LDAP filter used to search for users (optional).
shouldFilterAllDispatcherTypes(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry: Sets whether all dispatcher types should be filtered.
simpDestMatchers(String...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry: Deprecated.

Maps a List of SimpDestinationMessageMatcher instances without regard to the SimpMessageType.
simpDestPathMatcher(PathMatcher) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry: Deprecated.

The PathMatcher to be used with the MessageSecurityMetadataSourceRegistry.simpDestMatchers(String...).
simpleAuthentication(Customizer<RSocketSecurity.SimpleAuthenticationSpec>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity: Adds support for validating a username and password using Simple Authentication
simpMessageDestMatchers(String...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry: Deprecated.

Maps a List of SimpDestinationMessageMatcher instances that match on SimpMessageType.MESSAGE.
simpSubscribeDestMatchers(String...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry: Deprecated.

Maps a List of SimpDestinationMessageMatcher instances that match on SimpMessageType.SUBSCRIBE.
simpTypeMatchers(SimpMessageType...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry: Deprecated.

Maps a List of SimpDestinationMessageMatcher instances.
SPRING_SECURITY_FILTER_CHAIN - Static variable in class org.springframework.security.config.BeanIds: External alias for FilterChainProxy bean, for use in web.xml files
springSecurityFilterChain() - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration: Creates the Spring Security Filter Chain
STATELESS - org.springframework.security.config.http.SessionCreationPolicy: Spring Security will never create an HttpSession and it will never use it to obtain the SecurityContext
subjectPrincipalRegex(String) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer: Specifies the regex to extract the principal from the certificate.
successForwardUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer: Forward Authentication Success Handler
successHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Specifies the AuthenticationSuccessHandler to be used.
supports(Class<?>) - Method in class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider

T

tokenEndpoint() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer: Returns the OAuth2LoginConfigurer.TokenEndpointConfig for configuring the Authorization Server's Token Endpoint.
tokenEndpoint(Customizer<OAuth2LoginConfigurer.TokenEndpointConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer: Configures the Authorization Server's Token Endpoint.
tokenFromMultipartDataEnabled(boolean) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec: Deprecated.
Use ServerCsrfTokenRequestAttributeHandler.setTokenFromMultipartDataEnabled(boolean) instead
tokenRepository(PersistentTokenRepository) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer: Specifies the PersistentTokenRepository to use.
tokenValiditySeconds(int) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer: Allows specifying how long (in seconds) a token is valid for
type(String) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer.AttributeExchangeConfigurer.AttributeConfigurer: Deprecated.

The OpenID attribute type.

U

updateAccessDefaults(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Updates the default values for access.
updateAuthenticationDefaults() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer: Updates the default values for authentication.
url(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder: Specifies the ldap server URL when not using the embedded LDAP server.
UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers: Deprecated.
Use AuthorizeHttpRequestsConfigurer instead
UrlAuthorizationConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer: Deprecated.
UrlAuthorizationConfigurer.AuthorizedUrl - Class in org.springframework.security.config.annotation.web.configurers: Deprecated.

Maps the specified RequestMatcher instances to ConfigAttribute instances.
UrlAuthorizationConfigurer.MvcMatchersAuthorizedUrl - Class in org.springframework.security.config.annotation.web.configurers: Deprecated.

An UrlAuthorizationConfigurer.AuthorizedUrl that allows optionally configuring the MvcRequestMatcher.setMethod(HttpMethod)
UrlAuthorizationConfigurer.StandardInterceptUrlRegistry - Class in org.springframework.security.config.annotation.web.configurers: Deprecated.
useAuthorizationManager() - Method in annotation type org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity: Indicate whether ReactiveAuthorizationManager based Method Security to be used.
USER_DETAILS_SERVICE - Static variable in class org.springframework.security.config.BeanIds
USER_DETAILS_SERVICE_FACTORY - Static variable in class org.springframework.security.config.BeanIds
USER_SERVICE - Static variable in class org.springframework.security.config.Elements
userAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig: Sets the GrantedAuthoritiesMapper used for mapping OAuth2AuthenticatedPrincipal.getAuthorities().
userCache(UserCache) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer: Defines the UserCache to use
UserDetailsAwareConfigurer,U extends org.springframework.security.core.userdetails.UserDetailsService> - Class in org.springframework.security.config.annotation.authentication.configurers.userdetails: Base class that allows access to the UserDetailsService for using as a default value with AuthenticationManagerBuilder.
UserDetailsAwareConfigurer() - Constructor for class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsAwareConfigurer
userDetailsContextMapper(UserDetailsContextMapper) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: Allows explicit customization of the loaded user object by specifying a UserDetailsContextMapper bean which will be called with the context information from the user's directory entry.
UserDetailsManagerConfigurer,C extends UserDetailsManagerConfigurer<B,C>> - Class in org.springframework.security.config.annotation.authentication.configurers.provisioning: Base class for populating an AuthenticationManagerBuilder with a UserDetailsManager.
UserDetailsManagerConfigurer(UserDetailsManager) - Constructor for class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer
UserDetailsManagerConfigurer.UserDetailsBuilder - Class in org.springframework.security.config.annotation.authentication.configurers.provisioning: Builds the user to be added.
UserDetailsManagerResourceFactoryBean - Class in org.springframework.security.config.provisioning: Constructs an InMemoryUserDetailsManager from a resource using UserDetailsResourceFactoryBean.
UserDetailsManagerResourceFactoryBean() - Constructor for class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean
UserDetailsMapFactoryBean - Class in org.springframework.security.config.core.userdetails: Creates a Collection<UserDetails> from a @{code Map} in the format of
UserDetailsMapFactoryBean(Map<String, String>) - Constructor for class org.springframework.security.config.core.userdetails.UserDetailsMapFactoryBean
userDetailsPasswordManager(UserDetailsPasswordService) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer
UserDetailsResourceFactoryBean - Class in org.springframework.security.config.core.userdetails: Parses a Resource that is a Properties file in the format of: username=password[,enabled|disabled],roles...
UserDetailsResourceFactoryBean() - Constructor for class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean
userDetailsService() - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter: Deprecated.

Allows modifying and accessing the UserDetailsService from WebSecurityConfigurerAdapter.userDetailsServiceBean() without interacting with the ApplicationContext.
userDetailsService(UserDetailsService) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
userDetailsService(UserDetailsService) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer: Specifies the UserDetailsService used to look up the UserDetails when a remember me token is valid.
userDetailsService(UserDetailsService) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer: Shortcut for invoking X509Configurer.authenticationUserDetailsService(AuthenticationUserDetailsService) with a UserDetailsByNameServiceWrapper.
userDetailsService(UserDetailsService) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder: Allows adding an additional UserDetailsService to be used
userDetailsService(T) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder: Add authentication based upon the custom UserDetailsService that is passed in.
userDetailsServiceBean() - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter: Deprecated.

Override this method to expose a UserDetailsService created from WebSecurityConfigurerAdapter.configure(AuthenticationManagerBuilder) as a bean.
UserDetailsServiceConfigurer,C extends UserDetailsServiceConfigurer<B,C,U>,U extends org.springframework.security.core.userdetails.UserDetailsService> - Class in org.springframework.security.config.annotation.authentication.configurers.userdetails: Allows configuring a UserDetailsService within a AuthenticationManagerBuilder.
UserDetailsServiceConfigurer(U) - Constructor for class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsServiceConfigurer: Creates a new instance
UserDetailsServiceFactoryBean - Class in org.springframework.security.config.http: Bean used to lookup a named UserDetailsService or AuthenticationUserDetailsService.
UserDetailsServiceFactoryBean() - Constructor for class org.springframework.security.config.http.UserDetailsServiceFactoryBean
userDnPatterns(String...) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: If your users are at a fixed location in the directory (i.e.
userInfoEndpoint() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer: Returns the OAuth2LoginConfigurer.UserInfoEndpointConfig for configuring the Authorization Server's UserInfo Endpoint.
userInfoEndpoint(Customizer<OAuth2LoginConfigurer.UserInfoEndpointConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer: Configures the Authorization Server's UserInfo Endpoint.
usernameParameter(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer: The HTTP parameter to look for the username when performing authentication.
usersByUsernameQuery(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer: Sets the query to be used for finding a user by their username.
userSearchBase(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: Search base for user searches.
userSearchFilter(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer: The LDAP filter used to search for users (optional).
userService(OAuth2UserService<OAuth2UserRequest, OAuth2User>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig: Sets the OAuth 2.0 service used for obtaining the user attributes of the End-User from the UserInfo Endpoint.
UserServiceBeanDefinitionParser - Class in org.springframework.security.config.authentication
UserServiceBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.UserServiceBeanDefinitionParser
useSecureCookie(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer: Whether the cookie should be flagged as secure or not.





V

validate(FilterChainProxy) - Method in class org.springframework.security.config.http.DefaultFilterChainValidator
 
valueOf(String) - Static method in enum org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder

Returns the enum constant of this type with the specified name.

valueOf(String) - Static method in enum org.springframework.security.config.http.MatcherType

Returns the enum constant of this type with the specified name.

valueOf(String) - Static method in enum org.springframework.security.config.http.SessionCreationPolicy

Returns the enum constant of this type with the specified name.

valueOf(String) - Static method in enum org.springframework.security.config.oauth2.client.CommonOAuth2Provider

Returns the enum constant of this type with the specified name.

valueOf(String) - Static method in enum org.springframework.security.config.web.server.SecurityWebFiltersOrder

Returns the enum constant of this type with the specified name.

values() - Static method in enum org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder

Returns an array containing the constants of this enum type, in
the order they are declared.

values() - Static method in enum org.springframework.security.config.http.MatcherType

Returns an array containing the constants of this enum type, in
the order they are declared.

values() - Static method in enum org.springframework.security.config.http.SessionCreationPolicy

Returns an array containing the constants of this enum type, in
the order they are declared.

values() - Static method in enum org.springframework.security.config.oauth2.client.CommonOAuth2Provider

Returns an array containing the constants of this enum type, in
the order they are declared.

values() - Static method in enum org.springframework.security.config.web.server.SecurityWebFiltersOrder

Returns an array containing the constants of this enum type, in
the order they are declared.





W

WebMvcSecurityConfiguration - Class in org.springframework.security.config.annotation.web.servlet.configuration

Deprecated.
This is applied internally using SpringWebMvcImportSelector


WebMvcSecurityConfiguration() - Constructor for class org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration

Deprecated.
 
WebSecurity - Class in org.springframework.security.config.annotation.web.builders


 The WebSecurity is created by WebSecurityConfiguration to create the
 FilterChainProxy known as the Spring Security Filter Chain
 (springSecurityFilterChain).

WebSecurity(ObjectPostProcessor<Object>) - Constructor for class org.springframework.security.config.annotation.web.builders.WebSecurity

Creates a new instance

WebSecurity.IgnoredRequestConfigurer - Class in org.springframework.security.config.annotation.web.builders

Allows registering RequestMatcher instances that should be ignored by
 Spring Security.

WebSecurity.MvcMatchersIgnoredRequestConfigurer - Class in org.springframework.security.config.annotation.web.builders

Deprecated.
use MvcRequestMatcher.Builder instead


WebSecurityConfiguration - Class in org.springframework.security.config.annotation.web.configuration

Uses a WebSecurity to create the FilterChainProxy that performs the web
 based security for Spring Security.

WebSecurityConfiguration() - Constructor for class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
 
WebSecurityConfigurer<T extends SecurityBuilder<javax.servlet.Filter>> - Interface in org.springframework.security.config.annotation.web

Allows customization to the WebSecurity.

WebSecurityConfigurerAdapter - Class in org.springframework.security.config.annotation.web.configuration

Deprecated.
Use a SecurityFilterChain Bean to
 configure HttpSecurity or a WebSecurityCustomizer Bean to configure
 WebSecurity.      @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         http
             .authorizeHttpRequests((authz) ->
                 authz.anyRequest().authenticated()
             );
             // ...
         return http.build();
     }

    @Bean
    public WebSecurityCustomizer webSecurityCustomizer(WebSecurity web) {
        return (web) -> web.ignoring().antMatchers("/resources/**");
    }
 
 See the Spring
 Security without WebSecurityConfigurerAdapter for more details.


WebSecurityConfigurerAdapter() - Constructor for class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

Deprecated.
Creates an instance with the default configuration enabled.

WebSecurityConfigurerAdapter(boolean) - Constructor for class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

Deprecated.
Creates an instance which allows specifying if the default configuration should be
 enabled.

WebSecurityCustomizer - Interface in org.springframework.security.config.annotation.web.configuration

Callback interface for customizing WebSecurity.

webSecurityExpressionHandler() - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
 
WEBSOCKET_MESSAGE_BROKER - Static variable in class org.springframework.security.config.Elements
 
WebSocketMessageBrokerSecurityBeanDefinitionParser - Class in org.springframework.security.config.websocket

Parses Spring Security's websocket namespace support.

WebSocketMessageBrokerSecurityBeanDefinitionParser() - Constructor for class org.springframework.security.config.websocket.WebSocketMessageBrokerSecurityBeanDefinitionParser
 
WellKnownChangePasswordBeanDefinitionParser - Class in org.springframework.security.config.http

The bean definition parser for a Well-Known URL for Changing Passwords.

WellKnownChangePasswordBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.WellKnownChangePasswordBeanDefinitionParser
 
withDefaults() - Static method in interface org.springframework.security.config.Customizer

Returns a Customizer that does not alter the input argument.

withDefaultSchema() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer

Populates the default schema that allows users and authorities to be stored.

withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer

Adds an ObjectPostProcessor for this class.

withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer

Adds an ObjectPostProcessor for this class.

withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
 
withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry

Adds an ObjectPostProcessor for this class.

withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry

Adds an ObjectPostProcessor for this class.

withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry

Deprecated.
Adds an ObjectPostProcessor for this class.

withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry

Deprecated.
Adds an ObjectPostProcessor for this class.

withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer

Deprecated.
Adds an ObjectPostProcessor for this class.

withPins(Map<String, String>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig

Deprecated.

 Sets the value for the pin- directive of the Public-Key-Pins header.

withUser(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer

Allows adding a user to the UserDetailsManager that is being created.

withUser(User.UserBuilder) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer

Allows adding a user to the UserDetailsManager that is being created.

withUser(UserDetails) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer

Allows adding a user to the UserDetailsManager that is being created.

writer(ServerHttpHeadersWriter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures custom headers writer





X

x509() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configures X509 based pre authentication.

x509() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures x509 authentication using a certificate provided by a client.

x509(Customizer<X509Configurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity

Configures X509 based pre authentication.

x509(Customizer<ServerHttpSecurity.X509Spec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity

Configures x509 authentication using a certificate provided by a client.

X509 - Static variable in class org.springframework.security.config.Elements
 
x509AuthenticationFilter(X509AuthenticationFilter) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer

Allows specifying the entire X509AuthenticationFilter.

X509Configurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers

Adds X509 based pre authentication to an application.

X509Configurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.X509Configurer

Creates a new instance

x509PrincipalExtractor(X509PrincipalExtractor) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer

Specifies the X509PrincipalExtractor

xssProtection() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Note this is not comprehensive XSS protection!

xssProtection() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures x-xss-protection response header.

xssProtection(Customizer<HeadersConfigurer.XXssConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer

Note this is not comprehensive XSS protection!

xssProtection(Customizer<ServerHttpSecurity.HeaderSpec.XssProtectionSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Configures x-xss-protection response header.

xssProtectionEnabled(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.XXssConfig

Deprecated.
use
 HeadersConfigurer.XXssConfig.headerValue(XXssProtectionHeaderWriter.HeaderValue) instead



A B C D E F G H I J K L M N O P R S T U V W X 
All Classes All Packages